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.INFRASTRUCTURE  LOG 


_DAY  12:  This  is  out  of  control.  No  one  can  get  real-time 
answers.  No  one’s  collaborating .  Web  conferencing  services 
are  driving  costs  through  the  roof.  Unmanaged  public  IM  is 
a  security  nightmare.  We  need  help. 

_Gil  brought  in  a  “collaboration  accelerator . ”  I  said  it 
looked  more  like  a  cannon.  He  said  I  had  a  small  mind. 

_DAY  14:  I’ve  found  a  better  way:  IBM  Lotus®  Sametime®  7.5. 
It’s  not  just  IM  and  Web  conferencing,  it’s  an  affordable 
platform  for  running  the  business  in  real  time.  It’s 
encrypted.  Has  tons  of  features  like  VoIP  and  location 
awareness.  And  it  works  seamlessly  with  leading  public  IM 
networks.  Everyone  has  real-time  answers  now. 

_Hey,  we’ve  even  recovered  most  of  our  employees. 


Download  the  Lotus  Sametime  7.5  demo  at: 

IBM.COM/TAKEBACKCONTROL/SAMETIME 
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.INFRASTRUCTURE  LOG 

_DAY  18:  Came  to  work  and  found  everything  frozen.  Icicles 
are  everywhere.  It’s  our  processes.  They  re  inflexible. 
Hard  coded  so  we  can’t  respond  to  change. 

_Why  did  we  lock  ourselves  in  like  this?  Brrrr. 

_DAY  19:  A  way  out.  IBM  WebSphere  middleware  for  Business 
Process  Management.  It  lets  us  streamline  business  tasks 
and  optimize  performance.  We  can  simulate  and  test  our 
processes  so  we  understand  the  impact  they’ll  have,  then 
monitor  performance  once  they’re  deployed.  And  because 
it’s  based  on  a  service  oriented  architecture,  it  s  easy 
to  reuse  and  connect  existing  process-based  services. 

.Everything’s  unfrozen  now.  Wow,  it’s  good  to  feel  my 
toes  again. 
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WebSphere 


Take  the  BPM  with  SOA  Assessment  at: 

IBM.COM/TAKEBACKCONTROL/PROCESS 
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The  most  advanced 
OS  on  the  planet. 

Get  Solaris'”  10  now,  free. 
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GET  SUN 
PERFORMANCE 
ON  THE  INSIDE. 

EVEN  IF  IT  SAYS 
HP,  IBM  OR  DELL 
ON  THE  OUTSIDE 


Get  the  most  advanced  OS  on  the  planet 
for  your  HP,  IBM  or  Dell  system— free. 

Now  you  can  get  the  world  record-setting  performance  of  Solaris”  10  on  over  700  x86/x64  systems— including 
the  most  popular  systems  from  HP,  IBM  and  Dell.  Plus,  no  matter  what  system  you  run  it  on,  this  free  and 


open-source  OS  is  backed  24/7  worldwide  by  Sun’s  enterprise-class  support.  Find  out  more  and  download 


Solaris”  10  for  free  at  sun.com. 
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■  A  critical  bug  in  the  Internet  Explorer  browser  also  affects 
users  of  the  Outlook  2003  email  client,  making  it  more  serious 
than  previously  thought.The  vulnerability  can  be  triggered 
when  Internet  Explorer  or  Outlook  2003  processes  Web-based 
graphics  code  written  in  the  Vector  Markup  Language.  It  was 
first  reported  last  week  by  researchers  at  Sunbelt  Software. 
Attackers  have  not  yet  begun  exploiting  the  e-mail  bug,  but  a 
handful  of  Web  sites  now  serve  the  code,  and  hackers  have 
publicly  posted  software  that  exploits  the  vulnerability  Initially 
researchers  thought  that  only  Internet  Explorer  was  vulnerable 
to  attacks  that  exploited  this  flaw,  but  Sunbelt  has  concluded 
that  Outlook  2003  users  are  also  at  risk.  Microsoft  is  advising 
users  who  want  to  protect  themselves  to  set  Outlook  to  read 
e-mails  in  plain  text  format. 


A  lot  of  laptops  to  lose 

■  The  U.S.  Commerce  Department 
reported  last  week  that  1,137  laptops 
have  been  lost  or  stolen  since  2001, 
with  249  of  them  containing  some 
degree  of  personal  data.  The  depart¬ 
ment  couldn’t  determine  whose  data 
may  have  been  on  the  machines,  of 
which  672  belonged  to  the  Census 
Bureau.  It  wasn’t  aware  of  any  data  hav¬ 
ing  been  used  improperly  The  findings 
are  from  a  Commerce  Department 
review  covering  15  agencies  that  use  a 
total  of  30,000  laptops.lt  comes  as  busi¬ 
nesses  and  governments  try  to  tighten 
their  control  over  mobile  devices  after 
several  high-profile  incidents  concern¬ 
ing  the  loss  of  sensitive  data.  The  Cen¬ 
sus  Bureau’s  laptops  —  used  for  col¬ 
lecting  census  data  in  the  field  — 
rarely  contain  data  on  more  than  100 
households,  and  the  data  can’t  be  ac¬ 


cessed  by  the  surveyors,  many  of 
whom  are  temporary,  hourly  employ¬ 
ees,  the  department  said.  However,  the 
Census  Bureau  also  lost  15  handheld 
computers  used  to  gather  survey  data. 
As  a  result,  the  department  is  contact¬ 
ing  558  households. 

Nasdaq  threatens 
to  delist  Novell 

■  Novell  has  confirmed  the  receipt  of 
a  notice  from  the  Nasdaq  stock  market 
warning  that  its  shares  will  be  delisted 
after  the  company  delayed  filing  its 
quarterly  report  to  the  U.S.  Securities 
and  Exchange  Commission. The  ven¬ 
dor  said  last  week  that  it  will  appeal 
and  request  a  hearing  before  a  Nasdaq 
listing  qualifications  panel.  That  move 
will  automatically  stay  the  delisting  of 
See  News  Briefs,  page  9 
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'Highest  in  Customer  Satisfaction 


Upgrade  your  employees  to  the  BroadbandAccess  card  from 
Verizon  Wireless  and  give  them  the  freedom  to  work  wirelessly 
without  the  hassles  of  hotspots.  With  our  high-speed  wireless 


secure  connections  you  just  can't  count  on  from  Wi-Fi.  So  why 
not  upgrade  today. 
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r>  Our  surcharges  (incl.  2.31%  Federal  Universal  Service  (varies  quarterly),  5c  Regulatory  &  40c  Administrative/line/mo  .  &  others  by  area)  are  not  taxes  (details:  1-888-684-1888):  gov  t  taxes  and  our  surcharges  could  add  4%-33%  to  your  hill 
.  Activation. lee/tine:  $35  ($25  tor  $59.99  BroadbandAccess  plan). 

IMPORTANT  CONSUMER  INFORMATION:  Subject  to  Customer  Agmt.  Calling  Plan  &  credit  approval.  SI  75  early  termination  fee.  Requires  compatible  PC  card  (purchased  separately).  Speed  claim  based  on  our  network  tests  with  5  MB  FTP  data  files 
Vfttort  compression  Actual  throughput  speed  varies.  If  more  than  5  GB/line/month,  we  presume  use  is  for  non-permitted  uses  and  will  terminate  service:  see  brochure  for  details.  BroadbandAccess  is  available  in  181  major  metropolitan  areas  in  the 
.  U  S.  Offers  and  coverage  not  available  everywhere.  Network  details  &  coverage  maps  al  verizonwireless.com.  02006  Verizon  Wireless  Verizon  Wireless  received  the  highest  numerical  score  among  wireless  providers  in  the  proprietary  J.D  Pov/er 
'"‘i‘2006  Business  Wireless  Customer  Satisfaction  Study?"  Study  based  responses  from  2.737  total  responses,  measuring  5  providers  and  measures  opinions  of  wireless  service  decision  makers  af  businesses  of  all  sizes,  Proprietary 
and  perceptions  of  business  wireless  use&surveyed  in  January  and  Februaiy  2006.  Your  experiences  may  vary.  Visit  jdpower.com 
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News  Briefs 

continued  from  page  7 

Novell,  which  was  supposed  to  file  its  Form  10-Q 
report  to  the  SEC  earlier  this  month.  As  a  result  of  the 
delay,  Novell  and  Wells  Fargo  Bank  NA  are  bumping 
heads  over  the  terms  of  an  indenture,  the  agreement 
under  which  bonds  and  debentures  are  issued.  Wells 
Fargo  said  Novell  is  in  default  under  the  terms  of  the 
indenture,  which  require  the  company  to  file  its  10-Q 
reports  to  the  SEC  within  five  calendar  days  of  the  due 
date.  Novell  said  the  indenture  requires  it  to  provide 
the  bank  with  copies  of  all  its  SEC  filings  within  15 
days  of  the  filings  being  made. 

PBX  extended  to  cell  phones 

■  Nokia  and  Alcatel  are  jumping  the  gun  on  Wi-Fi 
phones  that  work  like  regular  office  handsets:  They’re 
offering  the  same  capability  on  ordinary  cell  phones. 
The  advent  of  VoIP  phones  and  IP  PBXs  opened  the 
door  not  only  to  business  handsets  that  sat  on  a  desk 
and  sent  packets  around  a  LAN,  but  also  to  ones  that 
could  be  carried  around  and  use  Wi-Fi.  That  can 
mean  one  handset  for  all  business  calls,  anywhere  in 
the  enterprise,  but  that  still  leaves  an  employee’s  cell 
phone  for  use  outside.  Dual-mode  cell  and  Wi-Fi 
devices  are  starting  to  emerge,  and  moving  between 
networks  raises  technical  issues.  By  year-end,  Nokia 
and  Alcatel  are  expected  to  offer  software  that  makes 
Nokia  Eseries  cell  phones,  a  line  of  smart  phones 
designed  for  business,  talk  to  the  Alcatel  IP  Com¬ 
munication  server.  That  means  they  can  be  used  like 
a  PBX-connected  desk  phone,  with  features  such  as 
call  conferencing  and  dialing  by  name,  the  compa¬ 
nies  said. 

Antispyware  legislation  sought 

■  Even  though  security  technology  is  improving,  spy- 
ware  legislation  is  still  needed  from  Congress,  be¬ 
cause  many  consumers  don’t  use  all  the  tech  tools 
available  to  them,  antispyware  groups  said  last  week. 
Antispyware  groups  including  the  Center  for  Demo¬ 
cracy  and  Technology  and  StopBadware.org  called 
on  Congress  to  pass  antispyware  legislation  during 
the  last  days  of  the  2006  session.  Although  some  stud¬ 
ies  show  a  small  decrease  in  the  amount  of  spyware 
on  PCs,  the  use  of  spyware  that  logs  keystrokes  seems 
to  be  going  up,  said  Ari  Schwartz,  deputy  director  of 
the  CDT.The  issue  is  everyone’s  still  making  money 
doing  this,”  Schwartz  said  during  an  antispyware  dis¬ 
cussion  in  Washington,  D.C.  Spyware  distributors 
identified  by  the  Federal  Trade  Commission  or  the 
CDT  can  pull  in  tens  of  millions  of  dollars  in  revenue 
annually,  he  added. 

AT&T  to  add  back  outsourced  jobs 

■  AT&T  will  add  about  2,000  previously  outsourced 
technical  support  jobs  to  its  own  payroll,  the  com¬ 
pany  announced  last  week.  The  jobs  are  related  to 
supporting  AT&T  DSL  customers  who  self-install 
their  service  or  have  other  basic  questions,  AT&T 


said.  The  jobs,  to  be  added  to  AT&T’s  payroll  by  the 
end  of  2008,  have  been  provided  by  outsourcing 
vendors  in  the  United  States  and  over¬ 
seas.  An  AT&T  spokesman  did  not  have  a 
breakdown  of  where  the  outsourcing  jobs 
were.  The  decision  is  an  “example  of  how 
we’re  working  together  with  our  union  to 
add  jobs  in  growing  parts  of  our  company/ 

Bill  Blase,  AT&T’s  executive  vice  presi¬ 
dent  for  labor  relations,  said.  AT&T  is 
assessing  where  to  locate  the  jobs,  the 
company  said. 

NSF  funds  advanced  research 

■  The  National  Science  Foundation  said  last  week  it 
will  spend  $6  million  during  the  next  three  years  to 
support  a  new  consortium  designed  to  identify  major 
computing  research  opportunities,  including  those  in¬ 
volving  large-scale  computing.  The  Computing  Re¬ 
search  Association  has  been  put  in  charge  of  creating 
the  Computing  Community  Consortium,  which  will 
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TheGoodTheBadTheUgly 

<  CIOs  looking  out  for  others.  The 

Society  for  Information  Management  (SIM)  professional 
association  has  formed  a  philanthropic  organization  to 
support  local  and  national  initiatives  to  advance  the  IT 
profession.  The  nonprofit  SIM  Foundation  will  commission 
research  projects,  support  initiatives  to  increase  the 
number  of  students  majoring  in  IT  and  promote  leader¬ 
ship  development  in  IT. 

Not  what  Microsoft  wants  to 

hoar.  Gartner  analysts  expect  the  release  of 
Windows  Vista  next  year  will  have  little  impact  on  boosting  PC  sales. 
“While  we  think  the  [Vista]  marketing  campaign  will  attract  people,  we 
don't  see  enough  there  to  attract  a  mass  movement  or  a  big  growth 
spurt,"  said  George  Shiffler,  a  Gartner  research  director.  “We  don't 
think  it  will  encourage  enough  people  to  replace  [their  PCs]  right  then 
and  there." 

No.1  threat:  Cross-site  scripting.  Goodbye 

buffer  overflows,  hello  cross-site  scripting.  Well,  not  exactly,  but 
research  organization  Mitre  has  found  that  cross-site  scripting  is  the 
current  favorite  sort  of  vulnerability  for  hackers  to  exploit  with  mal¬ 
ware.  Cross-site  scripting  vulnerabilities  are  typically  found  in  Web 
applications. 


“We  don’t  outsource  application 
development,  because  we’re 
going  to  have  to  live  with  it  after 
it’s  done.” 

Mike  Jones,  CIO  of  Children ! s  Hospital  Health  System 
in  Milwaukee 

See  www.nwdocfmder.com/5372 

be  a  liaison  between  local  communities  and  the  NSF’s 
Global  Environment  for  Networking  Innovations 
Project.  The  CCC  will  provide  scientific  oversight  for 
that  next-generation  Internet  project  and  other  big 
NSF  undertakings.The  CCC  will  have  nine  to  15  mem¬ 
bers  and  a  chairperson.The  CRA  is  a  30-year-old  orga¬ 
nization  with  members  at  more  than  250  research 
entities  in  academia,  industry  and  government. 

Mobile  firms  eye  greener  phones 

■  If  just  a  small  portion  of  the  world’s  mobile  phone 
users  unplugged  their  charger  when  the  battery  is 
full,  it  could  save  enough  electricity  to  power  thou¬ 
sands  of  homes.  So  said  Nokia  last  week,  as  it  un¬ 
veiled  a  new  industry  group  that  aims  to  make 
mobile  phones  more  environmentally  friendly.  The 
group  includes  Motorola,  France  Telecom,  Vodafone, 
TeliaSonera  and  others.  It  was  created  as  part  of  a 
European  Commission  project  aimed  at  uniting 


members  of  different  industries  to  work  on  reducing 
the  environmental  impact  of  their  products.  Members 
of  the  new  group  will  try  to  educate  people  more 
about  how  they  can  reduce  the  environmental 
impact  of  using  their  cell  phones.  For  example,  man¬ 
ufacturers  will  start  displaying  a  reminder  on  phones 
to  unplug  chargers  once  the  battery  is  charged.  The 
companies  also  will  reduce  the  hazardous  materials 
they  use  beyond  what  current  laws  require.  One  ex¬ 
ample  is  Nokia’s  decision  to  stop  using  components 
in  its  phones  that  contain  a  type  of  environmentally 
harmful  chemical  flame  retardant. 

HP’s  Army  deal  could  be  worth  $5b 

■  Despite  a  boardroom  scandal  that  seems  to 
deepen  every  day  HP  has  won  new  contracts  recently 
including  one  that  could  be  worth  $5  billion  over  the 
next  10  years.  The  U.S.Army  awarded  HP  a  contract 
that  allows  several  U.S.  agencies  to  order  HP  products, 
including  desktop  PCs,  laptops,  printers, scanners  and 
displays.  The  deal  does  not  include  specific  volumes 
of  products,  but  HP  estimates  that  it  will  be  worth  $5 
billion.  The  contract  could  last  as  long  as  10  years  if 
the  groups  agree  on  optional  extensions.  HP  expects 
to  begin  taking  orders  Oct.  1.  HP  has  also  signed  a 
seven-year  extension  on  an  outsourcing  deal  with 
DirecTV  HP  will  continue  providing  IT  operations  and 
applications  testing  services  that  help  DirecTV  intro¬ 
duce  new  services,  acquire  customers  and  ensure 
bills  are  sent  accurately  and  quickly 


“Wow!  Look  how  fast 
the  hamster  runs!” 


David  Boring  of  Vista,  Calif.,  wins  our  latest  Weekly  Caption  Contest.  Join  us 
each  Monday  for  the  start  of  a  new  round. 
www.networkworld.com/weblogs/layer8 


Acquisitions  force  AT&T, 
Verizon  to  deal  with  bills 


Verizon  finds  MCI  had  a 
habit  of  creating  a  new 
billing  system  for  every 
new  service. 

BY  DENISE  PAPPALARDO 

Last  year’s  multibillion  combinations  of  Verizon- 
MCI  and  AT&T-SBC  resulted  not  only  in  the  two 
biggest  U.S.  carriers,  but  in  two  monster  billing  inte¬ 
gration  projects. 

Neither  megacarrier  has  made  much  headway 
in  consolidating  its  billing  systems,  but  they  do 
have  plans  underway  and  are  taking  interim  steps 
designed  to  boost  customer  service.  Verizon  at 
this  point  is  more  forthcoming  than  AT&T  about 
its  efforts. 

Customers  are  eagerly  awaiting  the  integrated  sys¬ 
tems,  which  should  result  in  more  accurate  and  eas- 
ier-to-understand  bills.  For  now  though,  customers 


say  they  are  just  happy  the  mergers  haven’t  messed 
up  their  bills. 

“Right  now  billing  systems  are  very  siloed,”  says 
Burt  Sky  director  of  carrier  strategies  and  operations 
at  Gartner.  Consolidating  them  should  benefit  cus¬ 
tomers  and  the  carriers,  which  would  be  able  to  cut 
costs  and  speed  service  rollouts,  he  says. 

Verizon  is  in  the  early  stages  of  a  two-and-a-half 
year  plan  to  streamline  30  billing  systems  into  four 
platforms,  says  Dave  Landry,  executive  director  of 
billing  systems  at  Verizon  Business  Information 
Systems. 

The  challenge  is  great  in  part  because  billing  sys¬ 
tems  mushroomed  at  MCI  in  the  years  before  the 
merger  as  a  result  of  the  company’s  many  acqui¬ 
sitions  and  its  habit  of  creating  a  billing  system  for 
every  new  service  deployed,  Landry  says. 

Verizon  eliminated  one  voice  billing  system  soon 
after  the  companies  merged  and  plans  to  consoli¬ 
date  dedicated  data  service  billing  platforms  in  the 

See  Billing,  page  40 


Enterprise  appliances 
reign  at  DemoFall  2006 


BY  SANDRA  GITTLEN 

SAN  DIEGO  —  Forget  building  out  your  infra¬ 
structure  to  support  cutting-edge  applications.  If 
this  week’s  DemoFall  2006  conference  is  any  indi¬ 
cation,  the  future  is  in  appliances. 

Among  the  70  new  technologies  debuting  at 
DemoFall,  appliances  that  can  do  just  about  any¬ 
thing  IT  organizations  require  —  from  handling  bot¬ 
net  attacks  to  managing  videoconferencing  to  en¬ 
abling  real-time  enterprisewide  collaboration  — 
will  take  center  stage. 

Demo  Executive  Producer  Chris  Shipley  says 
appliances  are  a  growing  trend. 'Appliances  deliver 


DekiBox  brings  wikis  to  the  enterprise. 


the  value  of  enter-  «m  i  t 

prise  software  and  I  j  L.  Jy  A  |  \  | 
ease  the  burden  ■  /  j  I  y  y 

of  IT  infrastruc¬ 
ture  management.  There  is  so  much  innovation  in 
this  area,  and  it  is  bound  to  impact  the  way  in 
which  IT  infrastructure  is  organized," she  says. 

For  IT  executives,  here  are  the  enterprise  tech¬ 
nologies  that  will  catch  your  eye  at  this  year’s  show 
(Note::  Demo  is  operated  by  the  Network  World  Live 
Events  and  Executive  Forums  division): 

DekiBox 

Company:  MindTouch  Business  Solutions 

Web  site:  www.mindtouch.com 

Details:  Appliance  available  in  two  versions:  25- 
user  configuration  for  $3,000;  100-user  configura¬ 
tion  for  $5,000. 

Challenge:  Users  are  beginning  to  see  the  power 
of  wikis,  which  are  Web  sites  that  enable  real-time 
collaboration  through  file  sharing,  chat  sessions 
and  other  real-time  tools.  While  these  open  source 
tools  can  be  powerful,  they  also  pose  risks,  as  the 
data  being  shared  and  transmitted  is  not  secured. 

Solution:  The  MindTouch  DekiBox  (Deki  is 
Japanese  for  “smart”)  appliance  matches  IT-level 

See  Demo,  page  38 


NAC,  wireless 
convergence  face 
many  challenges 


Interop  speak¬ 
ers  also  expose 
network 
management’s 
weaknesses. 

BY  TIM  GREENE,  PHIL 
HOCHMUTH  AND  DENISE  DUBIE 

NEW  YORK  —  Hot  topics  such 
as  network  access  control  and 
convergence  of  cellular  and  Wi¬ 
Fi  voice  lured  IT  decision¬ 
makers  to  Interop  last  week, 
where  they  got  to  see  the  latest 
advances  but  also  were  warned 
that  technology  shortcomings 
mean  they  should  proceed 
slowly  with  rollouts. 

For  the  second  year  in  a  row,  In¬ 
terop  took  place  in  New  York  as  a 
complement  to  the  main  Las 
Vegas  show  held  in  the  spring. 
Show  planners  were  hoping  for 
7,000  attendees,  but  had  no  final 
count  last  week.  CA,  Juniper  and 
Symantec  executives  delivered 
keynote  addresses,  and  more 
than  150  vendors  exhibited  — 
though  big  names  such  as  Cisco 
and  IBM  did  not. 

Getting  plenty  of  attention  at  the 
show  was  NAC,  which  involves 
checking  devices  for  compliance 
with  security  policies  before 
being  granted  network  access.  At 
issue  is  how  different  NAC  ap¬ 
proaches  will  be  integrated  and 
how  long  it  will  take  for  stan¬ 
dards,  such  as  those  being  devel¬ 
oped  by  the  Trusted  Networking 
Group  (TCG),to  gel. 

“It  will  be  a  gradual  process 
over  time”  said  TCG  supporter 
Steve  Hanna,  a  distinguished  en¬ 
gineer  with  Juniper  who  partic¬ 
ipated  on  an  NAC  panel. 

A  representative  on  the  panel 
from  Cisco,  which  promotes  its 
own  NAC  architecture  and  does 
not  work  with  TCG,  said  that  even 


More  from  Interop 

•  Our  reporters' 
notebook  looks  at  the 
lighter  side  of  the 
show,  including  where 
John  Chambers  could 
be  found. 

www.nwdocfinder.com/5374 


•  VoIP  converts  say  goodbye  to 
Centrex.  Page  16. 


•  Plus  additional 
coverage  online, 
including  keynote 
addresses  by 
Juniper's  Scott 
Kriens  (left)  and  CA's 
John  Swainson. 
www.nwdocfinder.com/5350 


over  time  the  variety  of  corporate 
networks  will  preclude  a  simple 
solution  for  all  cases.  “You’re 
always  going  to  have  so  many 
corner  cases.  You’ll  never  have  a 
magic  [endpoint-checking] 
agent  that  tells  you  everything,” 
said  Thomas  Howard,  security 
solutions  engineer  for  Cisco. 

Customers  may  need  to  rein  in 
their  enthusiasm  for  NAC  and 
conduct  a  basic  evaluation  of 
whether  they  need  it,  experts 
said.  “People  don’t  even  know 
what  they  want.  It’s  really  scaryf 
Howard  said. 

Employees  working  in  business 
functions  at  corporations  need  to 
define  how  much  access  groups 
of  employees  need  so  IT  staff  can 
write  the  appropriate  policies, 
said  Denzil  Wessels,  technical 
marketing  manager  for  Juniper. 
“Get  people  in  the  right  groups. 
You  need  business  maturity  to  do 
this,”  he  said. 

Panelist  David  Greenstein, 
chief  architect  for  StillSecure, 
agreed  that  such  policies  should 

See  Interop,  page  16 
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SECURING  PRODUCTIVITY 


www.websense.com/security 


Crimeware  takes  many  forms— keyloggers,  spyware,  Trojan  horses— but  has  only  one 
purpose,  to  compromise  your  defenses.  Websense  searches  more  than  75  million  websites 
every  day  to  find  these  threats  before  they  can  strike.  Because  they  will  stop  at  nothing. 
Get  proactive. 


PEER8AY 

From  our  online  forums 


m  Outsourcing?  Why  not? 

Should  American  companies 
not  outsource  to  overseas  con¬ 
tractors?  One  user  says  no: 
"Businesses  do  not  exist  to 
help  you  make  a  living  or  feed 
your  family,  They  exist  to  make 
money  and  nothing  else.  If  you 
want  to  feed  your  family,  you 
have  to  do  some  useful  work 
for  the  corporation.  If  some¬ 
body  else  can  do  the  same 
work  you  can  for  a  lot  less 
money,  the  business  should  hire 
them  and  nicely  let  you  go," 
www.nwdocfinder.com/5362 

■  The  10-pound  laptop.  One 

reader  cannot  believe  the 
newest  Toshiba  Qosmio  laptop 
weighs  in  at  10  pounds:  "This  is 
absolutely  a  Godzilla  laptop.  I 
used  to  have  a  toshiba  satellite 
laptop  that  weighed  about  8 
pounds,  which  cause  my  back 
pain  for  carrying  the  laptop  to 
school  everyday." 
www.nwdocfinder.com/5363 

■  Users  and  developers  as  a 
security  risk.  In  a  debate  over 
whether  users  will  get  so 
annoyed  by  new  security  func¬ 
tions  in  Microsoft  Vista  that 
they  will  turn  them  off,  Aaron 
Parker  says  developers  must 
share  blame  for  security  prob¬ 
lems:  “It's  up  to  developers  to 
get  off  their  collective  behinds 
and  learn  how  to  program  and 
up  to  us  to  educate  users  that 
security  is  a  good  thing." 
www.nwdocfinder.com/5364 

■  VoIP  peering.  The  debate 
over  proprietary  vs.  open- 
source  IP  PBX  continues.  One 
user  wonders  why  universities 
couldn't  create  their  own  VoIP 
peering  system  to  let  students 
make  local  calls  across  the 
country  for  free. 
www.nwdocfinder.com/5365 


Power  players 

Who  among  your  colleagues  and  peers 
do  you  consider  a  potent  industry  force, 
and  why?  Tell  us,  and  well  consider  them 
for  our  annual  50  most  powerful  people 
in  networking  list. 

www.nwdocfindor.coin/5344 
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BLOGOSPHERE 

E-mail-Web  death  match  rages 

Plus:  The  $14,000  phone,  frank  feedback  and  software  legalese. 


Buzzblog’s  Paul  McNamara  got  a  ton  of  feed¬ 
back  when  he  asked  readers  last  week  which 
they’d  rather  give  up  forever  —  e-mail  or  the 
Web.  Some  readers  chose  one,  some  chose  the 
other,  and  some  would  rather  be  shot  than  be 
forced  to  make  that  choice. What  would  you  do? 
www.nwdocfinder.com/5355 

One  giant  leap  for  incomprehensible 
legalese.  Network  World  blogger  Ken 
Fasimpaur  discovers  a  software  company  that  is 
taking  baffling  legalese  one  step  further  than 
most  —  by  hitting  you  with  it  before  you  even 
download  its  software.  Can  you  figure  out  what 
the  lawyers  are  trying  to  say?  And  would  you 
download  software  from  this  company? 
www.nwdocfinder.com/5356 

The  $14,000  rotary  phone.  Layer  8  finds  out 


that  AT&T  has  been  raking  it  in  from  an  Ohio 
widow  who’s  been  leasing  her  black  rotary 
phone  since  1964.  Forty-two  years  of  lease  pay¬ 
ments  mean  that  82-year-old  Ester  Strogen  paid 
$14,666.40  to  rent  two  rotary  phones  over  that 
time,  even  though  AT&T  let  customers  opt  out  of 
the  leasing  option  starting  in  1985. 
www.nwdocfinder.com/5357 

So,  how  do  you  really  feel  about  my  soft¬ 
ware?  Executive  Editor  Adam  Gaffin  comes 
across  a  blog  that  argues  that  negative  user  feed¬ 
back  is  the  best  feedback  of  all  —  once  you  get 
past  the  initial  comments.  One  user  of  the  blog¬ 
gers  software  deemed  it  “the  most  white  male 
fascist  tool  I’ve  ever  had  the  misfortune  to  use.” 
While  getting  the  feedback  was  painful,  it  also 
was  “a  really  valuable  learning  experience.” 
www.nwdocfinder.com/5358 


Hot  Seat  interviews,  the  coolest  tools,  and  more 


Hot  Seat: 

The  Enemy 
Within 

Author 
Brian 

Contos  talks  with  John 
Gallant  about  why  your 
employees  are  more  dan¬ 
gerous  and  costly  than 
hackers  or  cyber-criminals. 
www.nwdocfinder.com/5359 


Cool  Tools: 

Vinyl 
Madness 

Keith 

Shaw  tests 
a  device  that  lets  you  con¬ 
vert  old  record  albums  into 
digital  formats  quickly  and 
easily. 

www.nwdocfinder.com/5360 


Twisted 
Pair 

Podcast: 

Jason 
Meserve 
and  Keith  Shaw  pontificate 
about  the  Motorola/Symbol 
deal,  Russian  porn  sites 
and  malware,  and  try  to  fig¬ 
ure  out  why  companies  still 
want  to  take  on  the  iPod. 
www.nwdocfinder.com/5361 


ASK  THE 

HELPDESK  Find  the  answers  to  these  prickly  problems  online. 

This  week:  Giving  users  access  to  Cisco  box  via  Linksys  router. 


Help  desk  guru  Ron  Nutter  helps  a  user  figure 
out  how  to  give  his  end  users  access  to  a 
Cisco  P1X  box  via  a  Linksys  wireless  router. 

Help  Desk  response: 
www.nwdocfinder.com/5366 

The  experts  at  the  Wireless  Vulnerabilities  and 
Exploits  project  explain  how  clients  probing 
for  preferred  networks  can  be  exploited. 

Help  Desk  response: 
www.nwdocfinder.com/5367 


Security  newsletter  writer  M.E.  Kabay  explains 
how  to  avoid  vishing  —  phishing  over  voice. 

Help  Desk  response: 
www.nwdocfinder.com/5368 

Storage  newsletter  writer  Mike  Karp  looks  at 
the  other  side  of  disaster  recovery:  What  if 
you’re  data  is  OK,  but  your  people  aren’t? 

Help  Desk  response: 
www.nwdocfinder.com/5366 


BEST  OF  NWS 

NEWSLETTERS 

Red  Hat 
releases  Xen- 
enabled  beta 

Plus:  Digital  ID  World 
news. 

Linux  in  the  enterprise:  Red 

Hat  this  month  launched  the 
beta  version  of  Enterprise  Linux 
5,  the  first  version  of  the  compa¬ 
ny’s  enterprise-class  operating 
system  to  include  built-in  virtu¬ 
alization  technology  Senior 
Editor  Phil  Hocmuth  reports  on 
what’s  inside  the  much-antici¬ 
pated  platform. 

www.nwdocfinder.com/5351 

Identity  management: 

Columnist  Dave  Kearns  gives 
the  lowdown  on  happenings  at 
the  recent  Digital  ID  World  con- 
ference.The  biggest  noise  was 
Microsoft’s  Open  Specification 
Promise  announcement  to  free 
up  access  to  a  whole  slew  of 
protocols  —  especially  those 
that  provide  the  underpinnings 
to  its  upcoming  CardSpace 
identity  system. 

www.nwdocfinder.com/5352 

Convergence:  Respondents  to 
a  recent  survey  cited  security 
concerns  and  the  lack  of  sys¬ 
tems  for  managing  and  trou¬ 
bleshooting  VoIP  quality  as  an 
impediment  to  convergence. 
Analysts  Steve  Taylor  and  Larry 
Hettick  list  customers’  key  VoIP 
management  requirements. 
www.nwdocfinder.com/5353 

Service  provider  news 
report:  New  York  City  is  build¬ 
ing  the  first  wireless  network 
capable  of  providing  true  broad¬ 
band  speeds  to  fast-moving 
vehicles  such  as  police  cars  and 
fire  trucks.  New  York  City  offi¬ 
cials  recently  awarded  the  five- 
year,  $500  million  wireless  pro¬ 
ject  to  Northrop  Grumman. 
Senior  Editor  Carolyn  Duffy 
Marsan  reports. 

www.nwdocfinder.com/5354 


Free  e-mail  newsletters 

Sign  up  for  any  of  more  than  40 
newsletters  on  key  network  topics. 

www.nwdocfinder.com/1 002 


Oracle  Database 
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ORACLE 


In  an  independent  survey  of  database  owners,  WinterCorp  found  the  following 
running  on  Oracle: 

World's  Largest  Commercial  Database:  100TB 

World's  Largest  Linux  Data  Warehouse 

; 

World's  Largest  Linux  &  Unix  Transaction  Processing  Systems 

.  •  'f.  .  :/>.  .  > 

World's  Largest  Unix  Data  Warehouse 
9  of  the  10  Largest  Unix  Transaction  Processing  Systems 


WinterCorp  2005  TopTen  Program 


Oracle  Database— 

The  facts  speak  for  themselves. 


oracle.com 

or  call  1.800.0RACLE.1 


Copyright  ©  2005,  Oracle.  All  rights  reserved.  Oracle,  JD  Edwards  and  PeopleSoft  are  registered  trademarks  of  Oracle  Corporation  and/or  its  affiliates.  Other  names  may  be  trademarks  of  their  respective  owners. 
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Motorola  sees  Symbol  at  heart  of  goals 

Deal  caps  dramatic  turnaround  at  wireless  device  maker. 


Symbolizing  Motorola 

Motorola  plans  to  blend  Symbol  Technologies'  device  and 
wireless  LAN  expertise  with  its  own  WAN  technology. 


Symbol  product  lines: 

Motorola  product  lines: 

Barcode  scanners  (fixed,  mobile,  rugged) 

Cellular  networks 

Mobile  computers  (industrial  and  enterprise) 

RFID  readers,  antennas,  tags 

WLAN  infrastructure  (access  points,  switches, 
bridges,  network  interface  cards) 

Wireless  broadband  (mesh, 
proprietary,  WiMAX) 

Wireline  networks  (fiber,  IPTV) 

Motorola  Q  smart  phone 

Mobile  point-of-sale  payment  systems 

Device  and  WLAN  management 

BY  JOHN  COX 

Motorola  is  getting  a  lot  for  its  $4 
billion  buyout  of  Symbol  Tech¬ 
nologies.  But  whether  that  in¬ 
cludes  a  future  for  what  Motorola 
executives  call  enterprise  mobil¬ 
ity  remains  to  be  seen. 

The  acquisition,  announced 
last  week,  gives  Motorola  access 
to  a  blue-chip  list  of  customers  in 
key  vertical  markets,  where 
Symbol’s  diverse  product  portfo¬ 
lio  has  been  strong.  Those  prod¬ 
ucts  include  rugged  handheld 
computers,  bar  code  readers, 
wireless  point-of-sale  systems, 
wireless  LAN  (WLAN)  infrastruc¬ 
ture,  and  more  recently  RFID 
readers  and  tags. 

Those  products,  and  their  enter¬ 
prise  success, are  the  fruit  of  a  sus¬ 
tained,  muscular  R&D  effort, 
which  has  resulted  in  910  U.S. 
patents  and  680  international 
patents  for  Symbol.  Motorola 
executives  cited  the  patents  as  a 
key  attraction. 

The  deal  caps  a  dramatic  turn¬ 
around  for  Symbol,  which  saw  its 
reputation  tarnished  by  years  of 
losses,  mismanagement  and  scan¬ 


dal.  A  pack  of  former  top  execu¬ 
tives  were  indicted  in  2004  for 
accounting  fraud. 

“Symbol  today  is  not  the  Symbol 
of  three  years  ago,”  says  Abner 
Germanow,  director  of  enterprise 
network  research  for  IDC. “Three 
years  ago,  it  was  a  financial  mess, 
their  support  services  were  a  dis¬ 
aster  area,  and  their  products  were 
old.”  Today  he  says,  the  company  is 
profitable,  the  support  services  are 
world  class  and  the  product  lines 


have  been  refreshed. 

Symbol  in  its  most  recent  fiscal 
year  reported  revenue  of  $1.77  bil¬ 
lion,  virtually  flat  compared  with 
the  $1.73  billion  in  fiscal  2004. 
Profits  were  hit  hard:  $32.2  mil¬ 
lion,  down  from  $81.8  million. 

Motorola  plans  to  marry  Sym¬ 
bol’s  expertise  in  devices,  device 
management  and  short-range 
wireless  networking,  and  blend  it 
with  Motorola’s  wide-area  tech¬ 
nologies,  such  as  mesh  network¬ 


ing,  two-way  radios,  cellular  net¬ 
working  and  soon  WiMAX  wire¬ 
less  broadband. 

“They  have  an  [enterprise]  cus¬ 
tomer  list  I’d  die  for]’ says  Motorola 
Chairman  and  CEO  Ed  Zander, 
speaking  at  a  press  conference 
last  week.  “We  can  pitch  them, 
with  our  [telecom]  carrier  part¬ 
ners,  a  total  mobility  solution 
across  the  enterprise.” 

“We  are  very  bullish  on  the  com¬ 
plementarities  and  the  integration 
of  these  technologies,”  says  John 
DeFeo,  corporate  vice  president 
for  enterprise  products  in  Motor¬ 
ola’s  Enterprise  Mobility  Solu- 
tions.“This  is  a  vision  [of  network 
convergence]  that’s  becoming 
more  and  more  real  every  da/ 

“Symbol  embodies  all  of  Motor¬ 
ola’s  enterprise  aspirations,”  De¬ 
Feo  says. 

But  in  the  short  term,  those  aspi¬ 
rations  will  yield  to  more  modest 
and  immediately  practical  aims, 
IDC’s  Germanow  says.  Motorola 
can  bring  WAN  technology  exper¬ 
tise  quickly  to  a  wide  range  of 
Symbol  products,  he  says. 

The  first  evidence  of  that  is  likely 


to  be  what  Symbol  calls  its  RF 
Switch,  announced  earlier  this 
year  as  part  of  a  new  wireless 
architecture  that  can  support 
multiple  radio  technologies.  The 
switch  was  originally  scheduled 
to  appear  at  year-end, supporting 
WLAN  and  RFID,  and  working 
with  250  access  points,  com¬ 
pared  with  the  48  supported  by 
Symbol’s  flagship  WS5100  WLAN 
switch.  Later,  the  new  architec¬ 
ture  could  let  Symbol  add  mod¬ 
ules  for  other  wireless  options, 
including  WiMAX,  cellular  inter¬ 
faces  and  short-range  ZigBee 
sensor  networks. 

“The  success  [of  the  deal]  really 
depends  on  how  much  autonomy 
Motorola  provides  Symbol  for 
their  product  design,” says  Rachna 
Ahlawat,  research  director  of  en¬ 
terprise  reporting  at  Gartner. 
“Symbol  still  needs  to  do  a  lot  of 
catch-up:  they  need  bigger 
[WLAN]  controllers  for  enterprise 
wireless  deployments.” 

A  key  Symbol  strength  is  its 
device  management, she  says.This 
month,  Symbol  is  scheduled  to 
introduce  a  revamped  manage¬ 
ment  application  for  its  WLAN 
product  line,  incorporating  for  the 
first  time  radio  spectrum  monitor¬ 
ing  and  management. 

“Symbol  has  done  much  more 
than  other  vendors  in  integrating 
and  managing  every  tag  or 
device  that  you  connect  [wire¬ 
lessly]  to  your  infrastructure,” 
Ahlawat  says. 

One  potential  problem  is  how 
well  Motorola  integrates  the  two 
companies,  Germanow  says.  “Mo¬ 
torola  isn’t  known  for  a  lot  of 
mergers,  and  this  is  one  of  the 
biggest  in  its  histor/’he  says.“They 
need  to  make  sure  they  don’t  lose 
the  momentum  that  Symbol  has 
started  to  generate  over  the  last 
few  quarters.” 

“I’m  not  worried  about  it  at  all,” 
says  Marc  Rothman,  senior  vice 
president  of  finance  and  busi¬ 
ness  development  for  Motorola’s 
Networks  &  Enterprise  business, 
which  will  now  include  Symbol. 

“We’ve  done  an  outstanding 
job  of  portfolio  management, 
including  merging  two  big  divi¬ 
sions  [to  create  the  Networks  & 
Enterprise  group],  both  of 
which  were  about  $5  billion 
businesses,”  he  says.  ■ 


Cisco  switch  gear  aims  at  data  center 

Eight-port  10G  blade,  blade  server  switch  set  to  debut 


BY  PHIL  HOCHMUTH 

A  pair  of  new  Cisco  switch  products  re¬ 
leased  this  week  —  an  eight-port,  10G  Ether¬ 
net  core  switch  module  and  a  Gigabit  Ether¬ 
net  blade  server  switch  —  are  targeted  at 
high-traffic  enterprise  data  centers  that  re¬ 
quire  large  network  pipes  and  low  traffic 
latency,  the  company  says. 

The  offerings  include  an  eight-port  10G 
Ethernet  module  for  the  Catalyst  6500  core 
switch,  as  well  as  the  Catalyst  Blade  Switch 
3040,  a  lOG-capable  blade  that  works  with 
Fujitsu  Siemens’  Primergy  blade  server  equip¬ 
ment.  These  products  promise  greater  band¬ 
width  for  enterprise  data  centers,  allowing 
core  switches  to  link  to  other  devices  via  10G, 
and  opening  up  the  flow  of  network  traffic 
to  server  blades  running  inside  a  chassis. 
Additionally  Cisco  is  launching  an  online  col¬ 
laboration  program  through  which  users  can 
share  scripts  written  for  automating  Cisco 
switch  and  router  management. 

The  new  Catalyst  6500  module  is  Cisco’s  first 
eight-port  10G  Ethernet  blade.  An  eight-port 
10G  module  is  nothing  new  to  the  industry  as 
Foundry  Networks,  Extreme  Networks  and 


ForcelO  Networks  have  shipped  10G  modules 
with  eight  or  more  ports  for  some  time.  Except 
for  ForcelO,  Extreme’s,  Foundry’s  and  Cisco’s 
new  modules  operate  as 
oversubscribed:  The  total 
aggregate  bandwidth  for  all 
ports  exceeds  the  total 
switching  capacity  of  the 
switch  chassis’  slots  in 
which  the  modules  sit. 

Deploying  oversubscribed 
switches  is  a  common 
practice  in  data  centers,  as 
it  allows  more  servers  or 
other  devices  to  attach  to  the  network. 

Cisco  says  the  eight-port  10G  module  in¬ 
cludes  the  DFC-3C  forwarding  engine  card, 
which  boosts  switching  speed  of  the  device  by 
60%  over  Cisco’s  previous  four-port  10G  blade. 
The  blade  can  switch  as  much  as  64Gbps  of 
traffic  among  different  ports  on  the  blade 
(40Gbps  of  bandwidth  is  available  between 
the  Catalyst  6500’s  slot  and  the  backplane  of 
the  switch). 

Other  module  improvements  include 
beefed-up  packet  buffers  inside  the  hardware 


and  the  design  ASIC-to-port  ratio  of  the  mod¬ 
ule.  Cisco’s  four-port  blade  had  16MB  of  packet 
buffering  memory;  the  new  module  has 
256MB  for  buffering.  This 
keeps  the  10G  ports  from 
being  overwhelmed  by 
traffic  bursts,  so  that  pack¬ 
ets  are  not  dropped,  says 
Marie  Hattar,  senior  direc¬ 
tor  for  routing  and  switch¬ 
ing  at  Cisco. 

Cisco  also  has  built 
more  switching  ASICs 
into  the  blade,  with  a  chip 
for  every  corresponding  port,  which  the  com¬ 
pany  says  improves  performance.  Cisco’s  pre¬ 
vious  multiport  10G  blades  shared  switching 
ASICs  among  ports,  as  do  products  from 
competitors. 

“You  could  potentially  flood  that  ASIC  if  you 
oversubscribe  that  way”  Hattar  says.  “What 
we’ve  done  is  oversubscribe  on  the  fabric 
level,”  where  the  number  of  ports  exceeds  the 
switching  capacity  of  the  module,  while  each 
port  gets  its  own  traffic-processing  chip. 

See  Cisco,  page  20 


Cisco's  eight-port  10G  Ethernet  blade 
can  switch  as  much  as  64Gbps  of  traf¬ 
fic,  the  company  says. 


For  DHL, 

the  power 
of  IT  delivers 
over  four  million 

promises  a  day. 

Unified  and  simplified  package  tracking:  a  logistical  dream. 

The  best  way  for  DHL  to  move  more  packages  is  to  move  more  information.  CA  software 
enabled  DHL  to  unify  and  simplify  its  global  package  tracking  system.  The  increased 
efficiency  gave  a  world  leader  in  delivery  services  the  ability  to  handle  more  packages 
more  accurately.  CA  helps  DHL  put  the  customer  service  back  in  shipping  as  they  deliver 
over  one  billion  promises  each  year.  Learn  how  CA  software  solutions  enable  enterprises 
like  DHL  to  realize  the  full  power  of  IT  at  ca.com/customers. 
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continued  from  page  10 

be  created  at  the  outset  of  designing  an 
NAC  infrastructure.  “You  need  to  say  what 
your  policy  is,  and  this  usually  waits  until 
the  end,”  he  said.  Often  customers  wind  up 
identifying  their  greatest  risk  and  protecting 
against  that  without  creating  a  broader 
hierarchy  of  threats,  he  said. 

That  is  not  necessarily  a  bad  idea,  Hanna 
said.“Decide  what  is  your  greatest  pain.Start 
with  particular  users  working  with  high- 
value  assets,”  he  said. 

Wireless  convergence  trouble 

Delivering  the  latest  technology  to  high- 
value  users  is  what  customers  of  Wi-Fi-cel¬ 
lular  converged  phone  networks  want  to 
do,  but  they  are  running  into  issues,  In¬ 
terop  speakers  said.  For  instance,  some 
vendors  can’t  support  both  Code  Division 
Multiple  Access  (CDMA)  and  GSM  forms 
of  cellular  traffic. 

The  Visiting  Nurse  Services  (VNS)  of  New 
York,  which  runs  an  Avaya  VoIP  network 
and  a  Cisco  wireless  LAN  (WLAN),  extends 


BY  PHIL  HOCHMUTH 

NEW  YORK  —  Organizations  still  leasing 
Centrex  phone  lines  could  be  wasting 
money  and  holding  back  advanced  tele¬ 
phony  and  collaboration  features  from  em¬ 
ployees,  said  a  pair  of  IT  professionals 
speaking  at  Interop  last  week. 

Two  very  different  government/nonprof¬ 
it  organizations  —  the  Visiting  Nurse 
Service  (VNS)  of  New  York,  and  the  Public 
Schools  in  Saskatchewan,  Canada  — 
hacked  down  their  telecom  and  IT  costs 
by  bringing  telephony  in-house  using  VoIP 
instead  of  hosted  Centrex  services.  The  IT 
executives  also  said  that  the  productivity 
gains  and  advanced  features  delivered  by 
IP  telephony  and  VoIP  blew  away  what 
Centrex  could  do  for  them. 

“We  were  spending  quite  a  pretty  penny 
per  month  per  year  on  [Centrex,  and]  the 
flexibility  wasn’t  there,”  said  Randy  Cleg- 
home,  director  of  IT  planning  and  manage¬ 
ment  at  the  VNS.  More  than  a  year  ago,  the 
organization  moved  almost  completely  off 
of  Centrex  to  an  Avaya-based  VoIP  system. 
The  VNS  now  runs  dual  Avaya  S8700  IP 
PBXs,  which  support  more  than  3,000  IP 
endpoints  —  mostly  IP  phones,  with  PC- 
based  softphone  clients  mixed  in.  The  IP 
PBX  servers,  which  run  a  hardened  Linux 
operating  system,  operate  out  of  a  central¬ 
ized  data  center  and  serve  VoIP  clients  in 
more  than  143  locations  throughout  New 
York’s  five  boroughs. 

Cleghorne  said  the  organization  is  saving 
around  $900,000  per  year  after  eliminating 
its  Centrex  costs.  She  added  that  along  with 


While  a  final  tally  wasn't  available,  show  plan¬ 
ners  were  hoping  for  7,000  attendees  at  the 
Interop  show  in  New  York  last  week. 


its  VoIP  network  to  cellular  phones,  but 
Avaya’s  nascent  Wi-Fi/cellular  handoff  lacks 
a  key  element.  “It’s  all  GSM-based,”  said 
Randy  Cleghorne,  director  of  IT  planning 
and  management  for  the  VNS,  whose 
employees  use  CDMA  mobile  technology" 
I  would  really  like  to  see  that  cell  option 
come  along,” she  said. 

Even  when  the  option  is  available,  it  does- 


renegotiating  its  service  contracts  for  data 
and  voice,  the  VoIP  move  brought  VNS’  IT 
budget  down  from  around  $4  million  per 
year  to  nearly  $2.5  million. 

In  New  York  City,  where  unexpected 
events  are  the  norm,  the  flexibility  the  VoIP 
system  offers  —  such  as  the  ability  to  relo¬ 
cate  phones  and  extensions  quickly  —  is 
another  key  asset,  Cleghorne  said. 

“We  could  move  people  to  alternate  loca¬ 
tions  in  minutes  vs.  days,”  on  the  VoIP  sys¬ 
tem,  as  opposed  to  Centrex,  which  required 
a  technician  call  for  every  move  or  change, 
she  said. The  flexibility  came  in  handy  this 
summer,  when  a  heat  wave  caused  power 
outages  in  Manhattan  and  forced  the  VNS 
to  move  some  of  its  workers  to  locations 
with  more  reliable  electricity 

As  for  the  Canadian  school  district,  it 
moved  off  of  a  Centrex  system,  as  well  as 
dozens  of  key  telephone  systems  in  sepa¬ 
rate  schools,  to  a  Nortel-based  VoIP  net¬ 
work.  At  the  core,  the  school  chose  the 
Succession  Communication  Server  1000 
IP  PBX  —  a  VxWorks-based  call  server 
that  uses  a  real-time,  embedded  operat¬ 
ing  system. 

The  district  has  51  schools  and  two  ad¬ 
ministrative  sites,  with  more  than  2,000 
employees,  and  more  than  23,000  stu¬ 
dents  in  the  system. The  burden  in  switch¬ 
ing  to  VoIP  was  unifying  all  the  phone  net¬ 
works  that  were  built  out  over  the  years 
across  53  sites,  sometimes  by  subcontrac¬ 
tors  who  never  considered  someday  link¬ 
ing  all  of  the  phone  extensions, said  Daryl 
Koroluk,  general  manager  of  information 


n’t  always  work  smoothly.  The  campus  at 
Northwestern  Memorial  Hospital  in 
Chicago,  for  example,  is  ready  for  fixed- 
mobile  convergence.  It  recently  installed  a 
converged  radio  antenna  infrastructure 
from  Mobile  Access, according 
to  Dan  Curran,  IT  director  for 
the  hospital. This  technology 
combines  cellular, 802. 1 1,  RFID 
and  any  other  type  of  over-the- 
air  communications  the  hospi¬ 
tal  may  want.  Cellular  network 
providers  —  Sprint  and  Veri¬ 
zon  among  them  —  come  in 
loud  and  clear  through  the 
hospital’s  halls,  as  the  Mobile 
Access  antennas  amplify  the 
cellular  signals  internally 
The  Mobile  Access  antenna 
infrastructure  also  feeds  the 
hospital’s  Cisco  WLAN  access 
points,  which  are  deployed 
centrally  in  wiring  closets  instead  of  spread 
though  the  campus. To  cut  its  cell  phone 
bills,  Curran  recently  started  giving  out 
Cisco  802.11  IP  phones  to  doctors,  nurses 
and  staff.  “They  loved  it,”  Curran  said.  “But 


systems  at  the  school  district. 

“We  had  a  growth  rate  that  was  huge,” 
Koroluk  said.  The  VoIP  deployment,  which 
took  place  a  year  ago,  expanded  the  num¬ 
ber  of  desktop  phones  from  900  to  around 
2,000  throughout  the  district.  Voice  mail, 
which  was  a  rare  luxury  or  a  shared  re¬ 
source  for  teachers  and  staff  in  the  past, 
also  exploded  —  from  123  mailboxes  to 
more  than  2,300. 

Koroluk  has  run  into  a  couple  of  trouble 
spots  with  the  new  system. 

For  one,  pricing  can  be  complicated.  Cen¬ 
trex  costs  were  pretty  straightforward, 
Koroluk  said,  as  phones,  extensions  and 
voice  mail  were  billed  on  a  monthly  basis. 
There  are  more  surprises  when  it  comes  to 
licensing  for  VoIP  phones,  the  software  that 
runs  the  IP  PBXs  and  the  various  features 
that  can  be  added  to  parts  of  the  system 
such  as  voice  mail  boxes,  he  said. 

Another  issue  was  the  added  electrical 
and  cooling  requirements  that  came  with 
deploying  Power  over  Ethernet  switches  in 
wiring  closets  and  IP  phones  in  classrooms. 

“In  some  locations,  we’re  not  operating 
what  others  might  call  an  ideal  environ¬ 
ment  for  this  kind  of  network  and  [VoIP] 
equipment,”  Koroluk  said. 

The  school’s  IT  staff  tracks  the  environ¬ 
mental  data  on  the  Nortel  switches  and 
VoIP  gateways  deployed  through  agents 
built  into  the  hardware’s  operating  systems. 
These  agents  monitor  the  temperature  and 
humidity  of  the  gear  and  send  alerts  to 
administrators  if  things  get  too  hot  in  the 
wiring  closets.  ■ 


one  of  the  issues  was  that  if  they  made  a 
phone  call  in  the  building,  as  soon  as  they 
step  out,  it  goes  dead.” 

Management  migraines 

IT  executives  also  are  fac¬ 
ing  problems  as  they  look  for 
network  management  plat¬ 
forms  that  serve  the  needs  of 
large,  complex  corporate  net¬ 
works,  experts  said. 

Keynote  speaker  John  Swain- 
son,  president  and  CEO  of  CA, 
acknowledged  that  he  would 
have  to  give  CA  a  poor  score  if 
he  were  to  grade  the  company 
on  its  past  efforts  to  provide 
integrated  tools  that  manage 
and  secure  multiple  layers  of 
IT.“Enterprise  IT  is  never  going 
to  be  simple,  but  we  have  to 
make  the  managing  and 
securing  of  IT  simpler,”  he  said  (see 
www.nwdocfinder.  com/5370). 

An  EMC  executive  said  much  work  re¬ 
mains  on  this  front. 

“In  general  we  are  on  the  completely 
wrong  trajectory  in  management,”  said 
Shmuel  Klinger,  vice  president  of  architec¬ 
ture  and  applied  research  in  the  CTO  office 
of  EMC,  which  acquired  network  manage¬ 
ment  vendor  Smarts  in  2004.  “Things  are 
more  complex,  there  are  more  moving 
parts  and  management  as  an  industry  are 
chasing  the  wrong  trends,”  Klinger  said. 

From  the  customer  perspective,  prod¬ 
ucts  available  from  vendors  don’t  cut  it 
and  IT  shops  often  opt  to  cobble  together 
their  own  tools  rather  than  suffer  the  inte¬ 
gration  nightmare  of  myriad  tools  from 
multiple  vendors,  according  to  one  large 
enterprise  customer. 

“We  are  looking  for  end-to-end  IT  man¬ 
agement,  and  we  can’t  seem  to  get  the  ven¬ 
dors  to  agree  on  a  common  standard, 
which  doesn’t  help  us,”  said  a  network  engi¬ 
neering  for  a  large  financial  firm.  “We  are 
frustrated  with  what  we  can  buy  off  the 
shelf  so  in  many  cases  we  are  writing  it  our¬ 
selves,  doing  the  integration  internally’ 

Klinger  said  management  vendors  have 
made  advances  in  collecting  more  data 
and  providing  more  information  on  appli¬ 
cations  and  systems  performance,  but 
don’t  provide  enough  intelligence  or 
automation  for  network  managers  to  find 
the  data  really  useful. 

"These  trends  will  have  us  falling  on  our 
face.  We  are  increasing  the  amount  of  man¬ 
agement  data  that  we  collect  to  a  level  of 
detail  that  no  one  cares  about,  which  poses 
a  nightmare  for  integration,”  Klinger  said. 

Interop  did  prove  to  be  fertile  ground  for 
a  slew  of  newly  announced  management 
tools,  with  such  companies  as  Network 
General  and  Groundwork  Open  Source 
debuting  products  (www.nwdocfinder. 
com/5371).  Overall,  however,  the  show 
was  fairly  quiet  on  the  product  announce¬ 
ment  front.  ■ 


VoIP  converts  say  goodbye  to  Centrex 


CA  President  John 
Swainson  gives  his 
company  a  poor  grade 
in  terms  of  integrated 
tools. 


Today,  Carlo  restored  a  failed  router  in 
rebooted  a  Linux  server  in  Tokyo,  an< 
remembered  someone’s  very  specia 
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With  Avocent  centralized  management  solutions,  the  world  can  finally  revolve  around  you.  Avocent  puts  secure 
access  and  control  right  at  your  fingertips  -  from  multi-platform  servers  to  network  routers,  your  local  data  center  to  branch 
offices.  Our  “agentless”  out-of-band  solution  manages  your  physical  and  virtual  connections  (KVM,  serial,  integrated  power, 
embedded  service  processors,  IPMI  and  SoL)  from  a  single  console.  You  have  guaranteed  access  to  your  critical  hardware 
even  when  in-band  methods  fail.  Let  others  roll  crash  carts  to  troubleshoot  -  with  Avocent,  trouble  becomes  a  thing  of  the 
past,  so  you  can  focus  on  the  present. 
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Visit  www.avocent.com/special  to  download  Data  Canter  Control : 
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Electronic  passports 

A  number  of  countries  are  using  electronic  passports  based 
on  a  standard  set  by  the  International  Civilian  Aviation 
Organization,  a  United  Nations  committee. 

Countries  with  active  e-passport  programs 


Australia 

Finland 

Lithuania 

Singapore 

Austria 

France 

Netherlands 

Slovenia 

Belgium 

Germany 

Norway 

Sweden 

Brazil 

Greece 

Poland 

United  Kingdom 

Czech  Republic 

Iceland 

Portugal 

United  States 

Denmark 

Japan 

Russia 

BY  JOHN  FONTANA 

If  you’re  really  spooked  about 
potential  security  and  privacy 
flaws  in  the  new  RFID-enabled 
electronic  passports  being 
issued  by  the  U.S.  government, 
take  this  to  heart:  The  paper- 
based  ones  are  still  available  for 
a  few  months. 

Many  security  experts  are  ques¬ 
tioning  whether  e-passports, 
which  have  a  10-year  life  span, 
have  enough  security  built  in  to 
survive  a  decade  of  hackers  and 
technology  advancements  and 
protect  e-passport  users  from  data 
theft,  identity  theft,  and  other  secu¬ 
rity  and  privacy  intrusions. 

“If  the  government  is  right,  this 
will  be  the  first  time  in  the  history 
of  mankind  that  a  perfectly  secure 
application  will  be  produced.  Of 
course  it  will  be  hacked,”  says 
Bruce  Schneier,  a  noted  security 
guru,  author  and  CTO  of  Coun¬ 
terpane  Internet  Security 

The  government  thinks  other¬ 
wise  and  already  has  started  to 
issue  the  cards  from  its  regional 
offices  in  Colorado  and  Wash¬ 
ington,  D.C. 

“Let  me  be  blunt,”  says  Frank 
Moss,  deputy  assistant  secretary 
for  passport  services  at  the  U.S. 
Department  of  State.  “We  have 
obviously  gone  through  an  elabo¬ 
rate  process  here,  and  I  think,  with 
the  exception  of  a  relatively  small 
number  of  people,  have  ad¬ 
dressed  most  people’s  security 
concerns.” 

Moss,  along  with  other  govern¬ 
ment  and  military  officials,  has 
been  using  an  RFID-enabled  pass¬ 
port  since  last  year. 

The  e-passport  is  a  contactless 
smart  card  with  a  secure  micro¬ 
processor  that  employs  a  passive 
radio  frequency  to  transmit  data 
over  an  encrypted  wireless  link  to 
a  reader.  The  passive  technology 
requires  a  reader  to  power  the 
chip  and  is  different  from  an  RFID 
vicinity  chip,  which  is  used  for 
tracking  items  from  a  distance. 

A  technology  called  Basic 
Access  Control  (BAC)  uses  an 
electronic  key,  derived  from 
machine-readable  data  printed 
on  the  passport’s  page,  to  unlock 
the  data  on  the  chip,  and  a  digital 
signature  protects  the  integrity  of 
the  digital  data. 

The  chip,  which  is  embedded 
inside  the  cover  of  the  passport, 
contains  a  duplicate  copy  of  the 


passport  photograph  and  the 
printed  data.  The  digital  data  is 
intended  to  prevent  forgeries  by 
letting  inspectors  compare  the 
printed  and  digital  data. 

“This  is  not  a  security  device  for 
you,  it  is  a  security  device  for  the 
government,”  says  Schneier.  “As 
long  as  you  don’t  benefit  from  this 
why  should  you  be  a  guinea  pig?” 
Schneier  recommends  people  get 
new  passports,  which  are  valid  for 
10  years, without  RFID  technology, 
while  they  are  still  available. 

Once  regional  passport  offices 
convert  to  e-passports,  however, 
the  traditional,  paper-only  ver¬ 
sions  will  not  be  available.  The 
Colorado  office  converted  on 
Aug.  4,  and  the  Special  Issuance 
Agency  in  Washington  D.C.  is  com¬ 
pleting  a  conversion. The  other  15 
offices  will  convert  during  the 
next  five  to  six  months. 

The  State  Department  is  confi¬ 
dent  the  e-passport  has  the  secu¬ 
rity  it  needs  because  it  already 
has  incorporated  feedback  from 
security  experts  and  citizens. 

Last  year,  the  department  re¬ 
ceived  2,335  comments  after  the 
February  introduction  of  the 
e-passport  plan;  98.5%  were  nega¬ 
tive,  mostly  citing  security  and  pri¬ 
vacy  concerns. 

The  State  Department  later  took 
steps  to  improve  the  e-passports, 
including  shielding  the  cover  to 
block  the  RFID  signal  when  the 
passport  is  closed;  using  a  passive 
RFID  technology  powered  by  the 
reader,  that  transmits  data  only 
about  four  inches;  and  adding 
encrypted  digital  signatures. 

Nevertheless,  security,  privacy 
and  other  questions  have  not 
gone  away,  with  many  experts  say¬ 
ing  it  is  not  that  the  e-passport  is 
inherently  unsecure  but  that 


some  recently  demonstrated 
hacks  and  the  inevitable  advance¬ 
ment  of  technology,  such  as  an 
increase  in  RFID  antenna  power, 
show  that  the  e-passport  may  not 
weather  its  10-year  life  span. 

Earlier  this  year,  Dutch  security 
firm  Riscure  conducted  a  test  in 
which  it  was  able  to  intercept  a 
data  exchange  between  an 
e-passport  and  RFID  reader,  and 
crack  the  encrypted  files  to 
expose  fingerprints,  photographs 
and  other  data. 

The  Dutch  passports  employ  the 
same  ISO  14443  chips  and  the 
BAC  encryption  scheme  stan¬ 
dards  used  by  the  United  States 
and  other  countries  issuing  e- 
passports.  Those  global  standards 
were  set  by  the  International  Civil 
Aviation  Organization,  a  United 
Nations  committee. 

In  addition,  at  the  Black  Hat 
hacker  conference  this  summer,  a 
German  researcher  was  able  to 
clone  an  e-passport  chip,  although 
he  admitted  it  is  impossible  to 
change  the  data  on  the  chip. 

“I  travel  abroad  frequently,  and  I 
would  hate  to  be  among  the 
guinea  pigs  who  become  subject 
to  identity  theft  while  this  new 
technology  is  essentially  beta- 
tested  in  the  real  world,”  says 
Andre  Duran,  CEO  of  identity  fed¬ 
eration  technology  vendor  Ping 
Identity  “While  an  optimist,  I’ve 
learned  the  hard  way  it’s  safer  to 
assume  a  hostile  environment. 
Securing  this  chip  from  those  with 
malicious  intent  appears  to  have 
been  an  afterthought.” 

Others  agree  there  are  enough 
lingering  questions  to  warrant 
moving  cautiously 

“It  is  clear  that  there  are  ways  to 
read  the  information  from  these 
e-passports,  but  whether  that  con¬ 


stitutes  a  security  exposure  that 
the  average  person  should  be 
worried  about  is  not  clear,”  says 
Bob  Blakley  principal  analyst  with 
Burton  Group.  “But  ‘not  clear’  is 
not  necessarily  a  good  case  for 
something  that  is  going  to  be 
issued  to  millions  of  people. 
Conservatism  is  probably  a  good 
stance  when  working  at  that 
scale.”  There  are  70  million  pass¬ 
ports  issued  to  U.S.  citizens. 

Blakley  who  formerly  was  chief 
scientist  for  security  and  privacy 
at  IBM,  says  one  security  question 
that  needs  to  be  asked  is  if  the 
e-passport  solves  any  real  prob¬ 
lems  at  the  U.S.  border. 

“We  are  gong  to  spend  a  very 
large  amount  of  money  to  pro¬ 
duce  a  more  complicated  [iden¬ 
tity]  artifact,  and  it  is  not  easy  to 
quantify  what  we  are  buying  for 
all  that  money  and  effort,” 
Blakley  says. 

Proponents  say  what  is  clear  is 
that  the  smart  card  technology 
used  in  the  e-passport  has  a  track 
record  from  its  being  used  in  mil¬ 
lions  of  mobile  phones  and  pay¬ 
ment  cards. 

“It’s  true  this  is  new  technology 
for  passports,  but  the  technology 
has  been  around  for  25  years  and 
it  was  designed  to  be  a  secure 
form  of  data  protection,”  says 
Randy  Vanderhoof,  executive 
director  of  the  Smart  Card 
Alliance.  “Speculation  from  the 
Bruce  Schneiers  and  others  is 
that  nobody  knows  what  can  hap¬ 
pen  in  the  future  in  terms  of  peo¬ 
ple’s  ability  to  come  up  with  new 
and  innovative  ways  to  break  into 
systems, so  therefore  we  shouldn’t 
trust  any  system  out  there.  Our 
view  is,  you  can’t  go  around  pre¬ 
dicting  something  might  happen 
in  the  future  and  therefore  stop 
all  innovation  and  change.”  ■ 


Security  event 

Looking  for  better  security  solutions? 
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Learning  spammers’  tricks 
doesn't  mean  less  junk 


BY  CARA  GARRETSON 

The  industry  is  learning  more  and  more  about 
tricks  used  by  spammers  to  get  their  unwanted  mes¬ 
sages  across,  as  evidenced  by  a  handful  of  research 
studies  made  public  this  month 
from  university  and  vendor  labs. 

But  even  as  their  tricks  are  re¬ 
vealed,  spammers  continue  to  stay 
a  step  ahead  of  the  filters,  tech¬ 
niques  and  services  designed  to 
catch  them. 

Findings  about  how  spammers 
take  advantage  of  Internet  proto¬ 
cols  to  hide  their  tracks,  mine  free 
Web  hosting  sites  to  make  extra 
money,  and  pump  up  stock  prices 
to  then  dump  shares  at  a  profit  are  just  some  of  the 
research  reports  that  have  surfaced.  While  some  of 
these  reports  promise  to  feed  their  findings  into 
future  product  developments  or  to  help  strengthen 
Internet  protocols  against  misuse,  by  the  time  the  in¬ 
formation  is  implemented  spammers  will  no  doubt 
have  found  a  new  set  of  tricks. 

Meanwhile,  IT  managers  see  no  relief  in  sight.  In  a 
recent  report,  market  researcher  IDC  says  spam  has 
climbed  back  up  the  priority  list  of  IT  managers  and 
holds  the  No.  3  spot  among  the  greatest  threats  to 
enterprise  security 

Yet  when  fighting  this  sort  of  arms  race  with  spam¬ 
mers  who  have  financial  incentives  to  jump  through 
myriad  technical  and  social-engineering  hoops  to 
get  their  message  through,  security  vendors  are 
bound  to  be  playing  catch-up,  says  one  IT  manager. 

“It’s  the  nature  of  the  beast,”  says  April  Robinson, 
network  administrator  with  engineering  firm  Bern- 
ardin,  Lochmueller  &  Associates  in  Evansville,  Ind. 
“Trying  to  keep  up  with  ‘what  in  the  world  will  they 
think  of  next?’  means  there  will  always  be  that  gap” 
between  spammers’  tricks  and  technology  that 
attempts  to  foil  them, she  says. 

Among  the  findings  made  public  of  late  is  a  study 
by  researchers  at  the  Georgia  Institute  of  Technology’s 
College  of  Computing  that  revealed  some  of  the 
lengths  to  which  spammers  will  go  to  hide  their 
tracks. 

In  an  18-month  study  of  more  than  10  million  spam 
messages  sent  to  a  single  domain,  researchers  dis¬ 
covered  a  small  group  of  spammers  are  using  a  tech¬ 
nique  called  route  hijacking  to  mask  the  IP  ad¬ 
dresses  from  which  spam  is  sent,  which  means  they 
can’t  be  caught.  Spammers  exploit  weaknesses  in  In¬ 
ternet  routing  protocols  essentially  to  hijack  an  ad¬ 
dress  space  and  assume  an  IP  address,  then  with¬ 
draw  their  route  once  they’ve  blasted  out  their  spam, 
according  to  researchers. 

Improving  the  security  of  these  routing  protocols 
would  cut  down  on  the  amount  of  spam  on  the  In¬ 
ternet,  says  Nick  Feamster,  a  Georgia  Tech  assistant 
professor  of  computing  involved  in  the  project.  He 
also  plans  to  use  these  and  future  findings  to  help 
improve  spam-blocking  products. 

“Because  we  are  researching  ways  to  detect  spam 
based  on  where  in  the  network  it  is  coming  from, 


rather  than  simply  the  contents  of  the  e-mail  itself,  we 
are  raising  the  bar  considerably  higher  for  spam¬ 
mers,  whereas  with  existing  filtering  techniques 
spammers  can  easily  develop  new  tricks,”  Feamster 
says. 

Purdue  University’s  Krannert 
School  of  Management  earlier  this 
month  released  results  of  a  study 
on  stock-touting  schemes,  in  which 
spammers  buy  penny  stocks,  tout 
them  in  blasted  e-mail  campaigns 
and  dump  the  stock  at  a  profit. 

The  study  showed  that  15%  of 
spam  messages  sent  are  stock-tout¬ 
ing  schemes,  in  which  usually  only 
the  spammer  profits  because  most 
recipients  who  acted  on  the  supposed  stock  tip  lose 
money  and  the  companies  whose  stock  spammers 
chose  to  tout  suffer  as  scorned  investors  blame  them 
for  the  bad  tip,  says  Laura  Frieder,  assistant  professor 
of  finance  and  co-author  of  the  study  The  study  sug¬ 
gests  senders  of  stock  tips  should  be  forced  by  law  to 
disclose  their  holdings  in  any  stock  they  promote. 

In  another  example, security  vendor  McAfee’s  Avert 
Labs  recently  described  a  way  that  spammers  have 
found  to  make  even  more  money  Online  scammers 
have  long  used  free  hosting  services  such  as  Yahoo 
Geocities  or  Tripod  as  a  way  to  get  around  e-mail  fil¬ 
ters  that  might  otherwise  recognize  their  spam  Web 
sites.  Now  some  enterprising  spammers  have  begun 
selling  each  other  these  free  Web  pages,  McAfee  says. 

For  $25  per  week,  a  spammer  will  sell  50  Web-host¬ 
ing  accounts  that  can  be  used  to  redirect  Web  traffic 
to  sites  that  normally  would  be  flagged.  “These  link 
providers  create  and  maintain  thousands  of  free 
hosting  accounts  on  behalf  of  the  spammers,”  wrote 
McAfee’s  Nick  Kelly  in  a  recent  posting  to  McAfee’s 
Avert  Labs  blog. 

At  least  one  research  effort  will  soon  result  in  a 
product.  A  professor  and  two  students  at  Carnegie 
Mellon  University’s  CyLab  have  come  up  with  the 
Phoolproof  Phishing  Prevention  system,  which  pro¬ 
vides  strong  authentication  between  a  user’s  brows¬ 
er  and  a  Web  site  by  a  third  party  —  namely  a  cell 
phone  or  PDA  —  acting  as  authenticator. 

Researchers  have  a  prototype  version  of  the  sys¬ 
tem  working  and  hope  to  release  a  more  finished 
version  soon. 

Despite  spammers’  constant  developments,  some 
watchers  believe  the  spam-fighting  industry  is  hold¬ 
ing  its  own. 

“Most  of  the  [spam]  filter  authors  I  know  are  get¬ 
ting  filtering  accuracy  in  the  99.9%  or  better  range 
now  . . .  and  most  new  mail  clients  are  getting  good 
filters  built  right  in,”  says  Bill  Yerazunis,  senior 
research  scientist  with  Mitsubishi  Electric  Research 
Laboratories  and  chairman  of  the  annual  MIT  Spam 
Conference.  “For  the  short  term  we’ll  see  more  and 
more  spam,  but  we’ll  also  see  every  mail  client  and 
service  come  with  built-in  spam  filtering.” 

Additional  reporting  by  Robert  McMillan,  IDG  News 
Service. 


Spamalot 

The  amount  of  spam  sent  to 
the  domain  used  in  the 
GeorgiaTech  research  dou¬ 
bled  over  the  18-month  life  of 
the  project,  according  to 
researchers. 


New  twists  in  HP  scandal 

Former  directors  pledge  not  to  sue  over  dispute. 


BY  ROBERT  MULLINS, 

IDG  NEWS  SERVICE 

HP  has  entered  into  mutual 
agreements  with  two  former 
directors  caught  up  in  the  board 
spying  scandal  not  to  file  lawsuits 
over  the  dispute. 

The  company  disclosed  the 
agreement  in  a  filing  to  the  U.S.Se- 
curities  and  Exchange  Commis¬ 
sion  last  week.  In  the  same  filing, 
HP  said  it  has  agreed  to  pay  some 
of  the  directors’  legal  expenses 
related  to  the  investigations. 

The  SEC  has  asked  for  more  in¬ 
formation  about  the  circum¬ 
stances  surrounding  Thomas  Per¬ 
kins’  resignation  from  HP’s  board 
of  directors  over  the  spying  scan¬ 
dal,  HP  said  in  the  filing. 

HP  also  revealed  the  terms 
under  which  Perkins  and  director 


George  Keyworth  left  the  board. 
They  resigned  after  it  was  re¬ 
vealed  that  private  investigators 
hired  by  HP  may  have  used  illegal 
methods  to  identify  Keyworth  as 
the  source  of  leaks  of  board  delib¬ 
erations  to  the  news  media. 

Separately,  HP  said  CEO  Mark 
Hurd  “has  offered  to  appear” 
before  a  House  subcommittee 
probing  the  scandal.  Chairman 
Patricia  Dunn  and  other  HP  exec¬ 
utives  implicated  in  the  scandal 
have  accepted  invitations  to 
appear  at  a  Sept.  28  hearing. 
Dunn,  who  is  resigning  as  chair, 
said  she  looks  forward  to  the 
opportunity  to  “set  the  record 
straight”  regarding  allegations  that 
she  oversaw  an  internal  investiga¬ 
tion  of  the  company  that  may 
have  broken  the  law.  ■ 


Cisco 

continued  from  page  14 

Putting  more  10G  ports  on  a  line  card  is  what  will  drive  10G  adoption, 
analysts  say 

“High-density  10G  is  important,  because  no  one  wants  to  use  a  whole 
slot  in  their  switch  chassis  just  for  two  or  four  ports  of  10G,”says  Zeus 
Kerravala,  a  Yankee  Group  analyst. 

While  Cisco  usually  has  followed  its  competitors  in  time-to-market  and 
on  high-end  10G  performance,  the  company  has  managed  to  gain  the 
majority  of  the  10G  Ethernet  market,  largely  because  of  its  broad  switch- 
customer  installed  base  and  integrated  hardware  product  menu.  Cisco 
accounted  for  78%  of  the  worldwide  10G  Ethernet  switch  revenue  in  the 
first  half  of  2006  and  77%  of  the  ports  shipped  in  the  same  time  period, 
according  to  Synergy  Research  Group.  The  closest  competitor  is 
Force  10,  with  about  7.5%  of  10G  sales  and  shipments. 

The  Catalyst  Blade  Switch  3040  also  is  being  released  for  blade  server 
chassis  made  by  Fujitsu  Siemens  Computers  —  a  joint  development 
venture  between  the  Japanese  and  German  telecom/computing  giants. 
The  Cisco  switch  fits  into  the  Primergy  Blade  Server  Series  product  and 
connects  the  backplane  of  the  chassis  to  an  outside  network  connec¬ 
tion  with  as  many  as  six  Gigabit  Ethernet  ports.  The  new  switch  joins 
existing  Catalyst  Blade  Switch  3000  switches  that  fit  in  IBM’s  e-server 
BladeCenter,  HP’s  p-Class  BladeSystem  and  Dell’s  blade  server  chassis. 

Cisco  Beyond  also  is  being  launched  as  an  online  community  for 
users  of  Cisco  data  center  products  to  share  scripts  written  to  auto¬ 
mate  network  management  tasks,  configurations  and  other  settings 
on  Cisco  routers  and  switches  running  the  Embedded  Event 
Manager  (EEM)  module  in  IOS.  Scripts  can  be  written  to  automate 
many  of  the  management  and  monitoring  tasks  EEM  performs;  script 
functions  could  include  automatically  configuring  a  new  line  card 
with  certain  policy  and  virtual  LAN  (VLAN)  settings  when  the  hard¬ 
ware  is  inserted  in  a  Catalyst  6500  slot.The  Cisco  Beyond  service  lets 
users  post  script  files  —  a  file-sharing  capability  is  included  in  the 
service  —  and  exchange  ideas  and  tips  on  how  to  write  effective  IOS 
EEM  scripts.  Cisco  also  is  releasing  the  Cisco  Data  Center  Infra¬ 
structure  Design  Guide  2.0, a  reference  manual  on  how  to  set  up  and 
configure  Cisco  data  center  gear. 

The  eight-port  10G  modules  for  the  Catalyst  6500  are  available  for 
$37,000,  without  optics.  Fiber-optic  connections  for  each  port  cost 
$2,000  for  SR  fiber  and  $3,000  for  LX4  fiber. The  Catalyst  Blade  Switch 
3040  costs  $4,300  and  will  be  available  in  October.  ■ 


WHERE  DID  NBC  OLYMPICS  TURN 
WHEN  IT  NEEDED  A  PERFECT  SCORE? 


DYNAMIC  NETWORKING.  LET  THE  GAMES  BEGINS 


When  NBC  Olympics  began  planning  its  broadcasts  of  the  Torino  Olympic  Winter 
Games,  it  turned  to  longtime  partner  AT&T  to  help  it  overcome  a  world-class 
challenge.  Since  the  Athens  Games,  an  increase  in  the  number  of  media  outlets, 
longer  hours  of  coverage,  and  the  growth  of  High  Definition  TV  drove  an  explosive 
need  for  bandwidth.  This  brought  about  the  need  to  move  even  larger  amounts 
of  data  across  seven  NBC  Universal  networks  in  real  time  — and  without  a  glitch. 
The  solution:  Dynamic  Networking  from  AT&T 

By  relying  on  Dynamic  Networking's  scalable  capacity  and  ability  to  reroute  traffic  on 
a  moment's  notice,  interruptions  were  avoided  with  near  perfection.  The  result:  over 
200  million  viewers  witnessed  the  broadcaster  perform  at  the  highest  level. 


To  learn  more  about  how  NBC  Olympics  and  other  businesses  found  success  with 
Dynamic  Networking,  go  to  att.com/profiles. 

at&t  y  5  - 
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Proud  Sponsor  of  the  US.  Olympic  Team 
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I  am  the  shepherd  of  resources. 
The  ringleader  of  processes. 

The  conductor  of  an  inventory 
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in  transit  across  three  continents, 


This  is  my  world. 

My  world  runs  on 
Dynamic  Networking 


The  World  According  To  Stephen 

Dynamic  Networking  from  AT&T  enables  converged  communications  across 
locations  worldwide.  By  proactively  identifying  changes  in  traffic  volume  and 
responding  in  real  time,  Stephen's  network  can  move  resources  more  efficiently, 
and  securely.  Learn  how  Dynamic  Networking  can  enable  your  business. 


The  new  s 


■^OUr  World 


att.com/networking 
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nfoorossing  enhances  e-mail  security 


BY  CARA  GARRETSON 

Infocrossing  this  week  will  announce 
iConnection  6.0,  a  suite  of  managed  ser¬ 
vices  that  offer  spam  and  virus  protection 
plus  encryption,  archiving,  disaster  recov¬ 
ery  and  compliance  services.  The  IT  out¬ 
sourcing  company  is  enhancing  its  hosted 
e-mail  security  services  with  technology  it 
acquired  when  it  bought  messaging  man¬ 
agement  vendor  IntelliReach  in  May 

These  services  can  be  used  in  conjunc¬ 
tion  with  Infocrossing’s  hosted  e-mail  ser¬ 
vices,  or  an  organization  can  manage  its 
e-mail  internally  but  have  the  mail  stream 
run  through  Infocrossing’s  data  center  ser¬ 
vices  on  both  the  inbound  and  outbound 
ends,  says  Michael  Wilczak,  senior  vice 
president  of  strategy  and  development 
with  Infocrossing. 

While  iConnection  competes  with  email 


security  offerings  from 
Postini,  MXLogic  and 
Messagelabs  that  don’t 
offer  email  hosting,  Infe 
crossing  probably  will 
find  the  most  success 
selling  its  messaging 
security  services  to  orga¬ 
nizations  that  already 
outsource  their  e-mail, 
according  to  one  analyst. 

“When  you  look  at  what  companies  like 
Postini  do,  they’re  just  touching  the  e-mail 
very  briefly,  and  then  it’s  all  stored  behind 
the  company’s  firewall. There’s  a  lot  of  dis¬ 
comfort  with  the  idea  of  having  the  mes¬ 
sage  store  located  somewhere  else,”  says 
Michael  Osterman,  president  of  Osterman 
Research. 

For  customers  that  have  decided  e-mail 


hosting  makes  the  most 
sense,  going  with  a  ser¬ 
vice  provider  that  layers 
security  offerings  on  top 
is  essential,  he  says. 
“Infocrossing  starts  off 
with  base-level  security 
and  offers  on  top  of  that 
archiving,  compliance 
and  disaster  recovery  It’s 
a  pretty  complete  system.” 

With  Version  6.0,  Infocrossing  has 
enhanced  its  basic  antivirus  and  anti¬ 
spam  services  with  features  from  Intelli- 
reach’s  MX  2020  messaging  management 
product. 

These  features  include  message  encryp¬ 
tion  options  such  as  TLS,  SMTP  over  SSL,  or 
HTTPS  Web  delivery  Also  included  is  mes¬ 
sage  archiving,  which  indexes  every  mes¬ 


sage  before  storing  it  to  make  archive 
searches  easier.  An  e-mail  compliance 
option  lets  organizations  control  what  infor¬ 
mation  leaves  a  company  by  reviewing  out¬ 
bound  e-mail  and  archiving  messages  con¬ 
taining  content  covered  by  regulations, 
according  to  Wilczak. 

Infocrossing  has  added  features  for  catch¬ 
ing  image-based  spam  and  throttling  back 
connections  from  known  spammers. All  the 
services  are  managed  via  a  Web  portal, 
which  also  generates  reports  and  policies, 
Wilczak  says. 

Infocrossing  acquired  Intellireach  after 
signing  on  to  license  its  technology  as  part 
of  its  managed  services  portfolio. 

iConnection  6.0  can  be  purchased  as  a 
set  of  bundled  services  or  a  la  carte.  The 
services  cost  $2  to  $8  per  user,  per  month, 
plus  storage  fees.  ■ 


Big  rise 

For  2006,  the  number  of 
hosted  e-mail  in-boxes  is 
expected  to  total  nearly  one 
billion  accounts,  according  to 
The  Radicati  Group. 


Sprint  beefs  up  wireless  security  services 


BY  DENISE  PAPPALARDO 

Sprint  last  week  launched  a 
suite  of  security  services  for  its 
wireless  users  that  includes 
authentication,  threat  protection 
and  policy  enforcement  on 
smart  phones  from  any  wireless 
provider. 

The  company  announced  its 
Sprint  Mobile  Security  service  at 
Interop  New  York.  Sprint  is  team¬ 
ing  with  wireless  security  com¬ 
pany  Mobile  Armor  to  support 
this  offering. 

The  service  better  secures  smart 


phones  and  laptops  for  Sprint 
customers,  and  can  be  used  on 
the  same  devices  on  any  wireless 
carrier’s  network,  says  Barry 
Tishgart,  a  director  of  product 
marketing  at  Sprint. 

One  industry  expert  says  Sprint 
has  gained  an  edge  in  deploying 
such  services. 

“When  it  comes  to  managed 
wireless  services,  Sprint  has  been 
on  the  forefront,”  says  Rena 
Bhattacharyya,  a  program  man¬ 
ager  at  IDC.  Other  service  pro¬ 
viders,  such  as  Cingular  Wireless 


and  Verizon  Wireless,  offer  some 
of  the  same  options  as  Sprint  but 
not  quite  as  many  she  says. 

Bhattacharyya  also  points  out 
that  Sprint  is  not  only  competing 
with  wireless  service  providers, 
but  even  landline  providers,  such 
as  AT&T,  which  launched  a  secu¬ 
rity  package  for  wireless  users, 
and  smaller  companies,  such  as 
Traq  Wireless,  that  offer  some  of 
the  same  features. 

Sprint  Mobile  Security  has  10 
features  that  combine  some  exist¬ 
ing  security  capabilities  with  new 


features  such  as  color-coded 
authentication, Tishgart  says. 

The  service  lets  customers 
enforce  password  policies  using 
PINs  and  color-coded  authentica¬ 
tion,  which  requires  users  to  enter 
colors  in  a  specific  sequence  on 
a  quad-color  shield  of  armor  on  a 
Web  page. 

Customers  also  have  the  option 
of  encrypting  specific  files,  a 
device  or  memory  card.  This 
same  encryption  can  be  used  by 
mobile  customers  to  access  their 
corporate  VPN  securely,  the  ser¬ 


vice  provider  says. 

The  service  also  scans,  identifies 
and  removes  malware,  viruses, 
worms  and  the  like  from  mobile 
devices  using  a  firewall  that 
resides  on  the  handheld  or  lap¬ 
top.  This  firewall  is  also  used  to 
block  denial-of-service  attacks. 

The  offering  lets  customers  set  a 
maximum  of  150  security  poli¬ 
cies,  which  could  cover  how  or 
when  applications  are  accessed 
remotely,  or  ensure  employees 
comply  with  industry  regulations 
or  have  the  latest  virus-scanning 
software.  The  system  updates 
devices  with  the  software  auto¬ 
matically  so  users  are  not  blocked 
for  noncompliance. 

Sprint  has  incorporated  some 
previously  supported  features 
with  its  Sprint  Mobile  Security 
package,  such  as  locking  a  wire¬ 
less  device  remotely  if  it’s  re¬ 
ported  lost  or  stolen  and  re¬ 
motely  erasing  all  data  from  that 
device  to  protect  corporate 
information. 

The  wireless  service  provider 
says  it  has  been  testing  its  mobile 
suite  of  security  offerings  with 
some  business  customers,  but  it 
would  not  name  those  users  at 
press  time.  The  offering  is  avail¬ 
able  for  $9  per  user,  per  month.  ■ 

SECURITY 

Subscribe  to  our  free  newsletter. 
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FGC’s  wireless  auction  fetches  billions 

Now,  let’s  see  what  Cingular,  T-Mobile,  Verizon  and  others  do  with  their  wireless  winnings. 


BY  DENISE  PAPPALARDO 

Five  weeks  and  nearly  $14  billion  later,  the 
FCC’s  Advanced  Wireless  Services  auction  is 
over. 

Vendors  such  as  Cingular,  Sprint,  T-Mobile 
and  Verizon  Wireless  collectively  bid  $13.9  bil¬ 
lion  for  spectrum  licenses  previously  used  by 
the  federal  government. 

The  FCC  sold  1,087  licenses  to  104  bidders 
in  the  1710M  to  1755MHz  frequencies  during 
161  rounds  of  bidding.  The  auction  started 
Aug.  9  (www.nwdocfinder.com/5343). 

“This  was  one  of  two  opportunities  for 
[wireless  service  providers]  to  plan  for  the 
future,”  says  Tole  Hart,  a  research  director  at 
Gartner. The  FCC  is  holding  another  auction 
for  spectrum  licenses  in  the  700MHz  band 
in  2008,  and  Hart  says  incumbent  wireless 


carriers  will  flock  to  it. 

Some  wireless  service  providers,  such  as 
T-Mobile,  needed  to  bolster  their  spectrum 
holdings  to  roll  out  3G  networks  in  earnest. 
T-Mobile  wound  up  as  the  highest  overall  bid¬ 
der,  at  $4.2  billion. 

Others  such  as  Verizon  and  Sprint  bid 
aggressively  to  support  future  services  that 
will  require  more  spectrum,  Hart  says. 

Sprint  and  cable  service  companies  Cox, 
Comcast  and  Time  Warner  Networks  bid  as  a 
partnership  called  Spectrum  Co.  Hart  says, 
considering  Sprint’s  current  wealth  of  spec¬ 
trum  assets,  it’s  likely  the  cable  companies 
will  use  their  new  spectrum  to  expand  their 
partnership  with  Sprint. 

Other  big  winners  were  regional  wireless 
service  providers  MetroPCS  and  Leap  Wire- 


less.These  providers  are  expected  to  use  their 
spectrum  winnings  to  expand  services  into 
new  markets,  Hart  says. 

The  auction’s  two  surprises  were  that  the 
satellite  television  companies  dropped  out  of 
the  bidding  as  early  as  they  did  and  that  Alltel 
did  not  participate,  Hart  says.  “Considering 
there  are  only  two  foreseeable  opportunities 
to  build  up  spectrum,  it  is  somewhat  surpris¬ 
ing  that  Alltel  didn’t  participate,”  Hart  says. 

Winning  bidders  are  required  to  make  a 
down  payment  to  the  FCC  10  days  after  the 
close  of  the  auction,  which  was  Sept.  18. 
They  must  file  additional  paperwork  and 
make  final  payments  before  the  spectrum 
licenses  will  be  issued.  The  FCC  says  all  of 
these  steps  will  affect  when  the  licenses  are 
distributed.* 


“Canobeam  sets  up 
at  a  moments  notice 

:  '  v  . 

for  connectivity  on  the  fly. 

Bob  Shafto.  Senior  Communications  Manager 
International  Speedway  Corporation 


AutoTracking  Built-in  to  All  Models 
GigE  Speed  and  Affordability 
Connects  With  More  Users. 


ElCanoBeam  stayed 
on'tHFSifithroughout 
[the  (Florida)  storms.” 

Tom  Bennett,  Technical  Co  Principal. 

"  <uah6||  Omnispring  jS 


“Canobeam  is  doing 
exactly  what  they  said  it 
would  on  an  optimal  level. 

John  Kratochvil,  Director  of  IT 
Edmonton  Economic  Development  Corporation 


Data  speed  at  1.25Gbps 
for  Gigabit  Ethernet 
Data  transmission 
from  100m  to  1000m 


►  Data  speeds  from  ►  Data  speeds  from 
25Mbps  to  156Mbps  25Mbps  to  156Mbps 

►  Data  transmission  ►  Data  transmission 
from  20m  to  500m  from  100m  to  2km 


More  and  more  users  are  discovering  the  benefits  of 
Canobeam  FSO  wireless  transmission  for  primary  or 
redundant  applications.  They  include  a  broad  base  of 
users  from  commercial  Internet  providers  maintaining 
the  integrity  of  their  networks,  to  office  campuses 
where  installing  fiber  between  buildings  is  cost- 


prohibitive,  to  race  tracks  where  fast  data  access 
needs  can’t  be  met  with  traditional  fiber  installations. 
In  those  applications  and  many  more,  Canobeam 
DT-100  Series  units  feature  the  speed,  dependability 
and  AutoTracking  requirements  that  provide  the 
perfect  solution  for  more  and  more  users. 


Find  out  more  at  canobeam.com 

1-800-321-4388  (Canada:  905-795-2012) 
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PowerExecutive  is  available  on  all  Sy 
Take  Back  Control  are  trademarks  or 
Processors  are  trademarks  of  Advanc 


x  servers  except  the  x3455:The  System  x3655  shown  is  expected  to  be  tjva 
itered  trademarks  of  International  Business  Machines  Corporation  in  the  Un 
icro  Devices,  Inc.  Other  company,  product,  and  service  names  may  be  traded 


i  on  October  3. 2006.  IBM,  the  IBM  logo,  System  x,  PowerExecutive  and 
I  States  and/or  other  countries.  AMD,  the  AMD  logo,  and  AMD  Opteron 
>  or  service  marks  of  others.  ©2006  IBM  Corporation.  All  rights  reserved. 


AMD 


.INFRASTRUCTURE  LOG 

_DAY  28:  These  slow,  inefficient  boxes  don’t  have  enough 
power  to  run  my  high-end  business  apps.  They  can’t  do 
anything.  Though  I  guess  crashing  counts  as  doing  something. 

.Need  sleep.  Will  try  to  dream  that  I  am  I.T.  King 
of  a  distant  planet  that  only  produces  stupefyingly 
powerful  servers. 

.DAY  30:  I’ve  taken  back  control,  thanks  to  the  IBM  System  x™ 
server  with  the  AMD  Opteron™  Processor.  It  has  more  power 
and  more  efficiency  than  I  ever  imagined  in  a  standards- 
based  server.  The  PowerExecutive™  tool  assigns  power  as 
needed  for  each  server.  It  helps  optimize  our  power 
consumption.  Maximize  performance.  Increase  reliability. 
I  can  finally  sleep  in  my  own  bed  again. 

_I  have  taken  back  control.  I  am  Ned,  benevolent  I.T. 

King  of  this...uh,  data  center. 
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Security  awareness  Cisco-style 


SECURITY  INSIDER 

Mike  Rothman 


Because  you  are  reading  Net¬ 
work  World,  I  don’t  have  to  tell 
you  about  Cisco’s  market  power 
and  penetration  within  all 
aspects  of  the  network  market. 
But  how  did  the  company  get 
there?  Cisco  is  the  preeminent 
practitioner  of  what  I  call  poster 
child  marketing.  It  does  these 
things  itself,  publicizes  them 
massively  and  gains  credibility 
with  big  customers  that  are  fac¬ 
ing  the  same  problems. 

We  saw  this  during  the  bubble 
with  the  e-commerce  system  that 
Cisco  rolled  out.  Its  ability  to  in¬ 
crease  productivity  by  taking  a 


majority  of  orders  over  the  Inter¬ 
net  was  at  the  cutting  edge.  Like¬ 
wise,  its  ability  to  close  the  books 
on  a  multibillion-dollar  enterprise 
within  hours  also  was  also 
unprecedented. 

Big  company  CIOs  sought  out 
Cisco’s  CIO  and  CEO  to  find  out 
the  secret.  That  access  and  credi¬ 
bility  resulted  in  major  strategic 
deals  going  Cisco’s  way 

Now  Cisco  is  turning  its  atten¬ 
tion  to  security  awareness,  and  it’s 
a  very  compelling  story  First,  I  am 
a  huge  fan  of  security  awareness 
training.  I  think  much  of  the  hot 
water  we  find  ourselves  in  daily 
could  be  avoided  by  teaching  un¬ 
sophisticated  users  to  not  do  stu¬ 
pid  things.  A  smart  user  commun¬ 
ity  is  worth  more  than  the  tightest 
technical  defenses. 

Getting  there  is  hard, and  it  takes 
a  significant  commitment.  But  you 
can  do  it  and  Cisco  can  show  you 
how.  The  company  recently  put 


together  a  piece  that  offers  10  tips 
for  security  awareness.  It’s  great 
stuff,  and  I  hate  almost  all  the  mar¬ 
keting  I  see.  This  piece  has  credi¬ 
bility  It  puts  a  face  (of  Cisco  CSO 
John  Stewart)  on  an  intractable 
problem.  Most  of  all,  it  shows  that 
security  awareness  training  can 
be  done.  It’s  poster  child  market¬ 
ing  at  its  finest. 

As  you  look  through  the  tips, 
they  seem  kind  of  marketing-ori¬ 
ented.  Exactly  —  being  a  security 
professional  involves  both  selling 
and  marketing.  Here  are  the  tips: 

1.  Get  buy-in  from  upper  man- 
agement.This  is  self-evident  but  if 
the  CEO  doesn’t  believe, you  don’t 
have  a  chance. 

2.  Appoint  the  right  person  to 
lead  the  charge.  Cisco  has  a  well- 
spoken  CSO  and  a  former  public 
relations  professional  to  spear¬ 
head  the  awareness  strategy 

3.  Conduct  extensive  research. 
You  don’t  know  how  to  most 


effectively  communicate  to  an 
audience  if  you  don’t  understand 
them. This  is  Marketing  101. 

4.  Build  relationships.  Engage  in¬ 
fluences  and  get  them  telling 
your  story 

5.  Create  security  ambassadors. 
These  are  really  evangelists  who 
are  passionate  about  solving  the 
problem. 

6.  Identify  the  right  communica¬ 
tions  vehicles.  You  need  to  be  in 
the  places  where  your  folks  hang 
out.  Maybe  it’s  online,  or  town  hall 
meetings.  But  don’t  expect  them 
to  come  to  you. 

7.  Use  credible  sources.The  CEO 
is  a  good  place  to  start,  but  also 
make  sure  that  all  of  your  spokes- 
people  are  well  regarded  within 
the  organization. 

8.  Keep  your  messages  short  and 
simple.  If  you  have  a  thick  manual, 
you  can  be  assured  no  one  will 
read  it. 

9.  Use  rewards  and  recognition. 


Yes  —  positive  reinforcement  is 
good. But  I  also  believe  in  a  public 
execution  once  or  twice  to  show 
the  company  you  are  serious. 

10.  Make  training  companywide; 
no  one  is  above  the  law.  Everyone 
needs  to  understand  and  adhere 
to  the  policies. 

So  there  you  have  it.  I’m  not  say¬ 
ing  that  you  can  eliminate  your 
technical  defenses  if  you  have  a 
well-trained  user  base.  But  you’ll 
give  yourself  a  net,  so  that  in  the 
event  your  defenses  fail,  your  net¬ 
work  won’t  melt  down. 

You  may  like  Cisco  or  hate  it.  But 
you  have  to  respect  the  way  it  eats 
its  own  dog  food. 

Rothman  is  president  and  princi¬ 
pal  analyst  of  Security  Incite,  an 
analyst  firm  focusing  on  informa¬ 
tion  security.  Read  his  blog  at 
http://feeds.feedburner.com/secu 
rity.inciterants  or  send  e-mail  to 
mike,  rothman  @securityincite.  com. 


Gartner  forecasts  security  troubles 


Myriad  dangers  lurk  in  cyberspace. 


Keep  your  options  open  when  buying  software. 


BY  JEREMY  KIRK,  IDG  NEWS  SERVICE 

Research  analysts  at  Gartner  are  predicting 
a  sticky  web  of  security  hazards  for  IT  profes¬ 
sionals  over  the  next  two  years,  ranging  from 
targeted  financial  attacks 
to  spyware  and  rootkits. 

Gartner  released  the  list 
of  threats  last  week  during 
its  IT  Security  Summit  in 
London. The  threats,  which 
Gartner  said  have  a  “poten¬ 
tial  to  inflict  significant 
damage”  on  businesses, 
are  as  follows: 

Cyberattacks  with  a  financial  motive: 
Criminals  may  try  to  steal  customer  data  or 
information  to  hurt  a  company’s  reputation. 
Gartner  suggested  that  corporations  run 
more  penetration  tests  to  detect  network 
holes  and  more  aggressive  intrusion- 
detection  systems,  along  with  the  usual  sig¬ 
nature-based  antimalware  software. 

Identity  theft:  While  the  number  of  victims 
has  remained  steady  Gartner  said  defense  is 
still  poor  against  these  attacks,  which  seek  to 
assemble  enough  personal  information  to, 
for  example,  a  open  bank  account  in  some¬ 
one  else’s  name.  Companies  can  defend 
themselves  with  stronger  authentication 
methods,  encryption,  better  access  control 
and  database  monitoring. 

Spyware:  This  insidious  form  of  software 
often  transparently  infects  computers,  re¬ 


cording  actions  such  as  keystrokes.  Over  the 
next  two  years,  20%  to  50%  of  companies 
will  be  infected  with  spyware,  Gartner  said. 
Antivirus  and  antispam  functions  are 
included  in  antispyware 
software. 

Social  engineering: 

Clever  tricks  by  cyber¬ 
criminals  can  dupe  users 
into  revealing  sensitive 
network  information. 
Users,  for  example,  could 
download  a  malicious 
software  program  if  they 
think  it  came  from  a  co-worker.  Gartner  rec¬ 
ommended  writing  clear  and  consistent 
security  policies  to  prevent  users  from  mak¬ 
ing  mistakes,  such  as  sending  confidential 
information  to  a  competitor. 

Viruses:  This  perennial  problem  remains. 
Companies  should  deploy  security  software 
that  uses  updated  signatures,  which  detect 
new  variations  of  malware,  to  stop  infections. 
IT  administrators  also  should  improve  patch¬ 
ing  and  vulnerability  detection  techniques, 
Gartner  said. 

Rootkits:  Gartner  predicts  more  trouble 
with  rootkits  over  the  next  five  to  10  years. 
These  modified  system  files  can  bury  them¬ 
selves  deep  within  an  operating  system  and 
can  be  difficult  to  find.  From  there,  rootkits 
could  offer  an  attacker  the  same  control  as 
the  computers  administrator.* 


BY  JEREMY  KIRK,  IDG  NEWS  SERVICE 

Security  software  is  mandatory  for 
companies  facing  an  Internet  commun¬ 
ity  of  aggressive  hackers  and  criminals. 
But  corporations  shouldn’t  feel  locked 
into  deals  with  their  security  vendors,  a 
Gartner  analyst  said. 

Under  the  right  circumstances, 
switching  vendors  may  make  financial 
sense,  said  Peter  Firstbrook,  research 
director  with  Gartner.  And  with  securi¬ 
ty  vendors  making  a  gross  profit  mar¬ 
gin  of  60%,  companies  may  have  more 
leverage  when  renegotiating  deals, 
he  said. 

“These  guys  [security  vendors]  are 
pretty  fat  and  happy  right  now]’ said  First- 
brook,  who  spoke  at  Gartner’s  IT  Security 
Summit  in  London  last  week.  “They’ve 
got  a  very  healthy  profit  margin.  Don’t 
feel  sad  for  your  antivirus  vendor  or  your 
antivirus  sales  rep.” 

The  antivirus  security  software  mar¬ 
ket  is  mature,  but  costs  aren’t  going 
down,  Firstbrook  said.  The  major  secu¬ 
rity  vendors  aren’t  worried  about  los¬ 
ing  clients  because  customers  believe 
that  changing  products  would  be  costly, 
he  said. 

Before  switching,  IT  managers  should 
think  about  the  complexity  of  rolling  out 
new  software.  The  companies  best  situ¬ 
ated  to  make  a  change  are  those  confi¬ 


dent  in  their  abilities  to  distribute  soft¬ 
ware,  test  new  products  and  educate 
users,  Firstbrook  said. 

When  slugging  it  out  in  negotiations, 
companies  can  do  several  things  to  en¬ 
sure  they  get  the  best  deal.  First,  they 
should  get  quotes  from  a  number  of  ven¬ 
dors  and  not  be  afraid  to  play  one  vendor 
off  against  another,  he  said. 

Perpetual  licenses  are  good,  but  organi¬ 
zations  should  remember  that  they  can 
only  negotiate  a  price  once.  Enterprises 
also  should  aim  for  rich  packages  that  in¬ 
clude  home  user  licenses  and  some  sup¬ 
port,  he  added. 

Licenses  for  desktops  and  e-mail  secu¬ 
rity  services  should  be  calculated  on  a 
per-seat  basis,  but  server  license  costs 
should  be  based  on  number  of  CPUs, 
Firstbrook  said.  Companies  should  not 
increase  their  seat  count  to  meet  a  ven¬ 
dor’s  price  list.* 
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Search  an  anti-spyware  product  database.  Check 
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www.nwdocfinder.com/4040 


Spewing  spyware 

Over  the  next  two  years, 

20%  to  50% 

of  companies  will  get  infected 
with  spyware,  according  to 
Gartner. 


fact 

More  than  60% 
of  malware  now 
contains  spyware. 


fact  is 

You  have  the 
power  to  keep 
prying  eyes  out. 


The  explosion  of  spyware  in  recent  months  poses  a  significant  risk  to  your  organization’s  security. 
Backdoor  Trojans,  botnet  worms,  adware,  keyloggers,  dialers  —  the  ways  in  which  hackers  can  steal 
data,  impair  networks  and  damage  reputations  are  radically  changing  the  way  you  need  to  safeguard 
confidential  information. 

Sophos’s  integrated  threat  management  solutions  provide  reliable  cross-threat  prevention  and  multi-tier 
protection.  Join  the  35  million  business,  education  and  government  users  in  150  countries  who  already 
trust  their  network  security  to  Sophos.  Get  the  facts  at  www.sophos.com. 


SOPHOS 

secured. 
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The  'Net:  Open  field  for  political  comment 


NET  INSIDER 

Scott  Bradner 


Now  that  the  primaries  are  over 
there  may  be  a  few  days  of  dimin¬ 
ished  intensity  in  the  political  ads 
that  flood  the  airwaves  and  print 
media. 

But  don’t  get  too  used  to  the 
slightly  less  disgusting  ads  for 
potions  to  counteract  malfunc¬ 
tioning  body  parts,  as  the  peak  of 
the  political  season  does  not  start 
for  another  month  or  so. The  polit¬ 
ical  ads  will  be  back  in  force  — 
each  trying  to  make  you  think  that 


the  person  behind  a  repulsive  ad 
attacking  his  opponent  is  some¬ 
how  less  repulsive  than  the  ad  he 
approved.  Because  of  the  Federal 
Elections  Commission  (FEC),you 
can  still  be  part  of  this  food  fight 
without  risking  anything  but  your 
reputation  and  sanity 

Last  year  there  was  an  uproar 
over  what  the  FEC  (www.fec.gov/) 
should  do  about  blogs  and  other 
political  discussion  on  the 
Internet  after  a  federal  court  ruled 
that  it  had  to  do  something 
(www.  nwdocf  i  nder.com/5325) . 

In  April  2005,  the  FEC  came  up 
with  a  proposed  set  of  rules 
(www.nwdocfinder.com/5326) 
and  held  a  public  hearing  in  June 
2005.  There  was  a  great  deal  of 
concern  that  the  FEC  would  wind 
up  with  a  set  of  rules  restricting 


political  speech  on  the  Internet  in 
the  name  of  fairness  and  control¬ 
ling  political  contributions  after  a 
House  bill  titled  “The  Online 
Freedom  of  Speech  Act”  aimed  at 
protecting  such  speech  failed  to 
pass.  Bloggers  and  many  others 
were  in  a  tizzy  In  the  end,  the  rules 
the  FEC  adopted  did  not  live  up  to 
the  threat  hype. 

There  are  rules,  however,  and 
anyone  wanting  to  exercise  their 
rights  to  discuss  political  issues  on 
the  Internet  should  have  some 
understanding  of  them.  The 
Center  for  Democracy  and  Tech¬ 
nology  has  just  put  up  a  Web  site 
(www.nwdocfinder.com/5327)  to 
help  people  understand  what 
their  rights  and  responsibilities  are 
under  the  current  election  laws. 
There  is  a  whole  lot  of  law  here  — 


the  FEC’s  compilation  of  Federal 
campaign  laws  runs  22 1  pages. 

The  Web  site  includes  a  10-ques- 
tion  quick  checklist  so  you  can 
see  if  you  are  subject  to  regulation 
by  the  federal  campaign  finance 
laws.  It  also  includes  easy-to- 
understand  FAQs  on  specific 
areas,  such  as  blogging  and  oper¬ 
ating  a  Web  site,  and  pointers  to 
many  resources,  including  federal 
laws  and  regulations.The  primary 
requirement  seems  to  be  that  you 
need  to  report  to  the  feds  if  you 
buy  ads  to  express  political  opin¬ 
ions  in  any  venue  —  Internet  ads 
are  not  exempted.  It  seems  good 
to  me  but  it  is  sad  there  is  no  effec¬ 
tive  rule  against  outright  lying  in 
political  ads  and  sadder  still  that  it 
would  get  used  so  often. 

An  aside  on  the  intellectual 


prowess  of  candidates:  I  know  the 
federal  Do  Not  Call  law  exempts 
political  calls,  but  in  my  opinion 
any  candidate  who  doesn’t  under¬ 
stand  that  people  get  on  that  list 
so  they  will  not  get  unsolicited 
calls  is  too  dumb  to  be  qualified 
for  office.  Clearly  this  is  not  a  cur¬ 
rent  rule,  just  my  wishful  thinking. 

Disclaimer:  Harvard  grads  are 
running  in  many  elections,  and  at 
least  some  of  them  are  dumb 
enough  to  ignore  the  Do  Not  Call 
list  (not  clear  how  they  got  into 
Harvard).  But  as  far  as  I  know. 
Harvard  has  expressed  no  opin¬ 
ion  on  the  topic. 

Bradner  is  a  consultant  with 
Harvard  University’s  University 
Information  Systems.  He  can  be 
reached  at  sob@sobco.com. 


NetXen  offers  virtualization-friendly  NICs 


BY  PHIL  HOCHMUTH 

NetXen  last  week  launched 
Gigabit  and  10G  server  network 
interface  cards  aimed  at  opening 
up  I/O  bottlenecks  among  server 
images  running  on  a  single  virtu¬ 
alized  machine. 

The  Intelligent  NIC  product  line, 
with  what  the  company  calls 


NetXen's  Intelligent  NIG  can  support 
hundreds  of  virtual  machines. 


NetSlice  technology,  uses  a  mix  of 
software  and  processors  to  create 
virtual  device  drivers  for  hun¬ 
dreds  of  virtual  machines  sharing 
a  single  server  network  adapter. 
The  company  says  its  technology 
improves  performance  by  letting 
server  processors  concentrate 
power  on  application  processing 
instead  of  the  network  stack. 

NetXen’s  first  release  of  its  net¬ 
work  adapters  in  April  included  a 
four-port  Gigabit  Ethernet  card,  a 
two-port  lOGbps  fiber  card,  and 
single-port  lOGbps  CX-4  copper- 
based  and  fiber  adapters.  These 
cards  include  TCP/IP  and  iSCSI 
processing  offload  and  Remote 


Direct  Memory  Access  technolo¬ 
gies,  which  operate  as  upgrade- 
able  firmware  images  on  the 
hardware.  The  adapters  work 
with  Windows,  Linux  and  Unix 
operating  systems,  and  virtual 
machine  technologies  such  as 
VMware,  Xen  and  Microsoft 
Virtual  Server. 

NetXen  also  rolled  out  its 
NetSlice  firmware,  which  lets 
users  create  as  many  as  1 ,024  vir¬ 
tual  NICs  for  as  many  virtual  oper¬ 
ating  system  images  running  on  a 
single  machine. 

NetXen  says  its  NetSlice  technol¬ 
ogy  improves  the  way  virtual 
machines’  I/O  interacts  with  net¬ 
work  hardware.  Virtual  servers, 
under  the  control  of  a  virtual 
machine  monitor  or  hypervisor 
layer,  must  handle  all  requests  for 
hardware  I/O  transactions  on 
most  virtual  machine  setups. 
NetXen  says  this  requires  the  vir¬ 
tual  machine  monitors  to  exten¬ 
sively  tap  into  server  CPU  re¬ 
sources  for  simple  network  com¬ 
munications  tasks;  this  saps  pro¬ 
cessing  power  from  all  virtual 
machines  and  can  heat  up  the 
physical  device. 

“It’s  another  step  of  hardware 
offload,”  says  Bob  Wheeler,  an 
analyst  with  the  Linley  Group, 
regarding  the  NetSlice  technol- 
ogy.“lnstead  of  all  the  translation 
between  physical  and  virtual 
ports  happening  in  software, 


[NetSlice]  moves  that  to  hard¬ 
ware.”  By  creating  virtual  NIC  dri¬ 
vers  for  each  operating  system 
image,  control  of  I/O  requests  is 
moved  off  the  virtual  machine 
monitor  or  hypervisor  and  onto 
the  NIC  hardware.  Some  users  of 
virtualized  servers  have  used  mul¬ 


tiple  NICs  to  improve  network  I/O, 
Wheeler  says. 

NetXen’s  NICs  are  used  in  IBM 
and  HP  servers,  and  compete  with 
10G  server  adapters  from 
Neterion  and  Chelsio. 

NetXen’s  adapters  cost  around 
$600,  but  are  sold  through  server 


manufacturers.  The  NetSlice 
firmware  upgrade  for  its  adapters 
will  be  available  this  month.  ■ 
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Compact  device  protects  laptops 


BY  JOHN  COX 

An  Israeli  start-up  has  unveiled  a  gateway  about 
the  size  of  a  fat  harmonica,  that’s  designed  to  make 
mobile  laptops  on  the  road  as  secure  as  desktops  in 
the  main  office. 

The  Yoggie  Gatekeeper,  from  Yoggie  Security 
Systems  of  Netanya,  Israel,  can  be  thought  of  as  a 
personal  appliance  programmed  to  protect  the 
laptop. 

The  Yoggie  sits  inline  between  the  laptop  and 
whatever  Internet  connection  is  available.  It  mea¬ 
sures  4  by  2  by  0.8  inches  and  weighs  2.5  ounces. 
But  the  device  runs  a  stack  of  high-powered  secu¬ 
rity  programs,  including  a  firewall  and  VPN  client. 
Network  administrators  use  the  Yoggie  Manage¬ 
ment  Server  to  set  up  and  change  security  policies, 
and  the  Yoggie  device  enforces  them. 

To  do  this,  the  device  has  an  Intel  XScale  PXA  260 
520GHz  processor,  with  as  much  as  128MB  of  mem¬ 
ory  and  an  embedded,  hardened  operating  system 
based  on  Linux. 

“It’s  like  a  bodyguard,”  says  Shlomo  Touboul, 
Yoggie  Security  Systems  founder  and  CEO,  who’s 
launched  a  number  of  network  management  and 
security  companies  over  the  past  20  years.  “If 
[attacker]  X  tried  to  reach  the  laptop  [IP] 


address,  the  attack  actually  goes  to  the  Yoggie, 
with  its  own  IP  address,  and  not  to  the  laptop 
itself.” 

Most  mobile  client  security  measures  require 
running  several  security  applications  and  agents 
on  the  laptop,  making  them  dependent  to  varying 
degrees  on  the  security  capabilities  of  the  under¬ 
lying  Windows  operating  system.  As  a  separate, 
inline  appliance, Yoggie  offloads  the  security  soft¬ 
ware  stack  from  the  laptop  and  sidesteps 
Windows. 

The  first  version  has  two  10/ 100Mbps  Ethernet 
network  interface  cards. 

The  Yoggie  filters  traffic  through  its  security  appli¬ 
cations.  The  applications  include  an  open  source 
firewall  and  the  open  source  Snort  program  for 
intrusion  detection  and  prevention. 

A  separate  security  analysis  program  analyzes  all 
these  activities  to  identify  new  or  emerging  traffic 
patterns  that  show  suspicious  behavior. 

Beta  testing  is  scheduled  to  start  later  this  month, 
and  the  product  is  expected  to  ship  in  November. 
Yoggie  Basic  will  be  priced  at  $180,  and  provides 
network  and  Web  security.  Yoggie  Pro,  priced  at 
$220,  has  a  heftier  processor,  and  more  memory 
and  adds  e-mail  security.® 


"With  the  ShoreTel  system,  we  have  a  comr 
dial  plan  allowing  4-digit  dialing  to  any  use 
at  any  of  our  50  sites  across  the  company 
Calls  can  be  easily  transferred,  voicemails 
forwarded,  and  auto  attendants  can  send 
calls  to  users  at  locations  anywhere  in  the 
network.  Managing  voicemail  as  if  it  were 
e-mail  is  qreat,  and  users  love  it." 
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Don’t  blame  VoIP  for  Vonage's  belly-flop 


EYE  3H  THE  CARRIER 

Johna  Till  Johnson 


Remember  Vonage?  Back  in 
May,  the  Internet  VoIP  company 
held  its  much-anticipated  IPO, 
which  investors  and  various  pun¬ 
dits  were  predicting  would  show¬ 
case  the  triumph  of  “next-genera¬ 
tion”  VoIP  services  over  the  old, 
tired  offerings  of  the  Bells. 

What  happened  instead  was 
that  Vonage’s  shares,  which  were 
initially  offered  at  $17,  promptly 
tanked  (Vonage  is  trading  at 
about  $8  per  share  now).  That’s 
not  all  —  Vonage  is  now  appar¬ 
ently  suing  its  own  customers  for 
failure  to  purchase  roughly  1  mil¬ 
lion  shares  of  its  stock.  The  com¬ 
pany  recently  sent  “pay  up  or  face 
the  consequences”  letters  to 
roughly  9,000  of  its  customers 
who  had  promised  to  invest  but 
backed  out  in  the  face  of  the  dis¬ 
appointing  IPO. 


Talk  about  hilarious! 

Not  even  the  Bells  have  been 
boneheaded  enough  to  think  of 
suing  their  customers  for  shorting 
their  stock.  (And  please,  let’s  not 
give  them  any  bright  ideas,  OK?) 
Unless  you’re  one  of  those  Vonage 
customers  who  got  the  letter, 
you’re  probably  chuckling. 

But  there’s  a  serious  point  here, 
too.  It’s  a  mistake  to  view  Vonage’s 
market  belly-flop  as  a  thumbs- 
down  on  VoIP  technology  As  I’ve 
pointed  out  in  many  previous 
columns,  VoIP  can  potentially 
lower  costs  and  improve  agility  for 
enterprises  that  deploy  it  correctly 
The  real  lesson  behind  Vonage’s 
VoIP  belly-flop  is  that  service  com¬ 
panies  —  regardless  of  the  tech¬ 
nologies  they  deploy  —  are  fun¬ 
damentally  providers  of,  well,  a 
service.  In  the  telecom  case,  the 
service  involves  connecting  peo¬ 
ple  effectively.  That  means  a  great 
deal  more  than  “using  the  latest 
and  greatest  technology’  It  means 
providing  top-tier  customer  ser¬ 
vice  and  support. 

Vonage  apparently  hasn’t  en¬ 
tirely  figured  that  out.  Complaints 
about  its  customer  service 


IBM  boosts  start-ups 


BY  CARA  GARRETSON 

IBM’s  Venture  Capital  Group  is  ramping  up  its  efforts  to  help  start-ups 
bring  products  to  market  by  enhancing  access  to  the  computer  giant’s 
technology  and  expertise. 

For  the  past  seven  years,  the  group  has  taken  a  unique  approach  to 
working  with  start-ups;  instead  of  investing  directly  in  young  compa¬ 
nies,  IBM  consults  with  established  venture  capital  firms  to  identify 
entrepreneurs  with  offerings  that  would  fit  within  IBM’s  technology 
framework. 

IBM  then  strikes  partnerships  with  those  venture  capitalists  and 
young  companies,  offering  them  guidance,  advice,  access  to  technol¬ 
ogy,  and  sales  and  marketing  support. 

Last  Thursday,  the  group  announced  enhancements  to  this  part¬ 
nership  program  that,  via  the  company’s  32  innovation  centers 
around  the  world,  offers  partnering  start-ups  access  to  IBM  tech¬ 
nology  and  customized  technical  and  strategic  support  at  no 
charge,  says  Drew  Clark,  director  of  strategy  and  co-founder  of  the 
group. 

Offering  such  support  in  new  technology  areas  where  IBM  has 
expertise,  such  as  virtualization,  service-oriented  architecture,  soft- 
ware-as-a-service,  blade  servers  and  Web  2.0,  will  help  start-ups  better 
compete  in  the  marketplace,  he  says. 

Other  large  vendors, such  as  Cisco,  Microsoft  and  HRoffer  similar  ser¬ 
vices  to  the  start-ups  they  invest  in  and  that  are  developing  products 
complimentary  to  their  own. 

IBM  maintains  its  partnership  program  is  much  more  comprehen¬ 
sive  than  those  of  other  vendors,  particularly  in  the  application  space, 
because  IBM  is  no  longer  in  that  business  and  looks  to  its  partners  to 
fill  those  gaps  in  its  technology  portfolio.  ■ 


abound.  “Vonage  is  the  roach 
motel  of  phone  companies,” 
writes  one  disgruntled  ex-cus- 
tomer.  “They  have  salespeople 
working  around  the  clock  but 
intentionally  don’t  put  their  cus¬ 
tomer  service  extension  in  the 
menu  on  their  phone  system.” 
Analyst  David  Andrews  details  a 
similarly  negative  experience  (see 
www.nwdocfinder.com/5345), 
concluding  that  Vonage  “builds 
negative  brand  equity”  in  the  way 
it  treats  customers. 

There  are  early  indications  that 
the  company  is  addressing  these 
problems  —  sort  of.  A  few  weeks 
ago,  CEO  Jeffrey  Citron  said  the 
company  was  “improving  cus¬ 


tomer  service  to  help  retain  sub¬ 
scribers.”  Great  move  —  too  bad  it 
didn’t  occur  to  the  folks  in  charge 
until  recently 

So  there  are  several  take-aways 
here.  First,  Vonage’s  competitors 
should  keep  in  mind  that  the 
company’s  current  rocky  path 
doesn’t  mean  VoIP-based  services 
are  down  for  the  count.  On  the 
contrary  it’s  increasingly  clear  that 
VoIP  will  become  the  baseline 
infrastructure  enabling  a  whole 
host  of  next-generation  communi¬ 
cation  and  collaboration. 

Second,  providers  of  all  stripes 
(and  technologies)  should 
focus  on  offering  world-class  ser¬ 
vice  and  support.  Technology’s 


just  table  stakes.To  cement  long¬ 
term  customer  loyalty,  providers 
need  to  meld  cutting-edge  tech¬ 
nology  with  tried-and-true  ser¬ 
vice  and  support. 

And  finally  .  .  .  Just  for  the 
record,  Citron,  suing  your  cus¬ 
tomers  (however  justified  legally) 
isn’t  exactly  a  great  way  to  win 
their  undying  loyalty  What’s  next? 
Tacking  unspecified  charges  on 
to  phone  bills?  Oh  wait  —  that’s 
Verizon. 

Johnson  is  president  and  chief 
research  officer  at  Nemertes 
Research,  an  independent  technol¬ 
ogy  research  firm.  She  can  be 
reached  at  johna@nemertes.com. 


Optical  ring  technology  on  tap 
from  Matisse  Networks 


BY  TIM  GREENE 

Matisse  Networks  is  introducing  an  optical 
switch  that  is  stingy  in  its  use  of  lasers  but  can 
support  fully  meshed  fiber-optic  rings  on 
which  traffic  is  provisioned  as  if  the  whole 
network  were  based  on  Layer  2  Ethernet 
switches  alone. 

The  switch,  called  the  EtherBurst  Optical 
Switch,  can  transmit  as  many  as  32  wave 
lengths  of  light  from  each  node  using  a  single 
laser  that  transmits  each  wavelength  as  needed.  Each 
node  receives  only  one  wavelength  of  light  and  lets 
all  other  wavelengths  pass  by 

This  means  that  a  ring  with  32  nodes  requires  32 
lasers  or  optical  transponders  —  one  at  each  node 
—  to  connect  to  all  the  other  nodes  on  their  own 
wavelengths.  With  traditional  dense  wavelength 
division  multiplexing  (DWDM)  gear,  supporting  a 
separate  wavelength  for  each  node  would  require 
496  transponders  and  presetting  point-to-point  opti¬ 
cal  circuits  to  connect  each  node  to  all  the  others 
on  a  ring. 

Transponders  are  one  of  the  most  costly  elements 
of  any  optical  deployment,  and  with  DWDM  they  lie 
idle  when  there  is  no  traffic  on  their  optical  circuits. 

“This  technology  makes  very  large  deployments 
economically  feasible,”  says  Michael  Kennedy  man¬ 
aging  partner  of  Network  Strategy  Partners.  He 
likened  an  EtherBurst  ring  to  a  campus  Gigabit 
Ethernet  backbone  sharing  bandwidth  for  all  the 
access  switches  on  the  network.  In  the  case  of 
EtherBurst,  the  backbone  is  10Gbps,he  says. 

The  EtherBurst  is  more  efficient  than  DWDM  in  that 
it  doesn’t  require  setting  up  static  optical  channels 
between  nodes  that  must  be  provisioned  at  great 
expense,  he  adds. 

Traffic  from  the  Ethernet  side  of  an  EtherBurst 
Optical  Switch  is  plugged  into  Matisse’s  SX-1000 
Ethernet  Service  Node,  the  network-facing  compo- 


Matisse's  Etherburst  Optical  Switch  can  eliminate  the  need  for 
adding  costly  transponders. 


nent  of  the  switch.  An  SX-1000  supports  48  lGbps 
ports  or  four  lOGbps  ports. 

The  Ethernet  Service  node  reads  the  traffic  and  fig¬ 
ures  out  on  which  optical  node  the  destination 
address  lies,  and  switches  the  traffic  to  that  node.  It 
does  this  by  signaling  the  optical  part  of  the 
EtherBurst  Optical  Switch,  called  the  PX-1000  Pho¬ 
tonic  Node,  to  generate  optical  pulses  at  the  correct 
frequency  to  transmit  the  traffic  to  the  node  con¬ 
nected  to  the  destination  address. 

The  transponder,  called  Tango,  can  adjust  in  nano¬ 
seconds  to  any  frequency  within  the  ITU-defined  C 
band  of  optical  spectrum, send  a  burst, then  return  to 
a  different  frequency  within  nanoseconds,  Matisse 
says.  A  Matisse  processor  called  MeshWave  sched¬ 
ules  this  tuning  and  transmitting  as  well  as  ensures 
QoS  and  guarding  against  traffic  collisions,  the  com¬ 
pany  says. 

Both  Tango  and  MeshWave  are  patented. 

Setting  up  a  ring  is  accomplished  by  loading  rout¬ 
ing  information  on  the  SX-1000  Ethernet  Service 
Nodes;  provisioning  the  optical  ring  is  automated. 
Each  EtherBurst  Optical  Switch  discovers  the  oth¬ 
ers  and  they  automatically  assign  a  wavelength  to 
each  node. 

EtherBurst  gear  is  available  for  evaluation  and  test¬ 
ing, and  will  be  generally  available  in  the  fourth  quar¬ 
ter.  The  SX-1000  starts  at  $86,000;  the  PX-1000 
Photonic  Node  starts  at  $58,000.  ■ 


Don't  let 

a  trading  partner's 
failure  disappoint 
your  customer. 


Assure  flawless  information  hand-offs  and  make  your  systems  collaborate  the  way  75%  of  the  FORTUNE®  100  do. 

If  your  company  depends  on  partners  outside  your  control,  you  should  depend  on  Sterling  Commerce.  Only 
Sterling  Commerce  Multi-Enterprise  Collaboration  (MEC)  solutions  allow  you  to  optimize  communities,  pro¬ 
cesses  and  technology.  So  you  can  leverage  your  current  assets  with  configurable  software  and  services 
built  on  a  services-oriented  architecture,  ready  for  implementation  right  now.  You  get  visibility  into  your  entire 
value  chain  and  increased  control  moving  forward.  With  over  30,000  customers  worldwide,  we're  sure  to  have 
a  solution  that  pleases  you. ..and  your  customers.  Visit  us  at  www.sterlingcommerce.com 


COMMUNITY  ENABLEMENT  /  SUPPLY  CHAIN  APPLICATIONS  /  PAYMENT  APPLICATIONS 


ON-DEMAND  SOLUTIONS 


B2B  COLLABORATION 


5  ster'i"9 


commerce 

An  AT&T  Company 


©2006  Sterling  Commerce,  Inc.  ALL  RIGHTS  RESERVED.  Sterling  Commerce  and  the  Sterling  Commerce  logo  are  trademarks  of  Sterling  Commerce,  Inc.  Sterling  Commerce  is  an  AT&T  company.  FORTUNE  is  a 
registered  mark  of  Time  Inc. 


DUE  TODAY  H  /l(i(f/Mnwil//m/n/ninil 

"*  ftDD  T3GB  SCSI  SCft  DISK  TO  CLOTS  RAD  5  CONFIG 

*  UPGR  ft  OF  CRYPTO  UBRASlfcS  ON  SERVERS  C-F 
WITHIN  THE  WWW  LDftD  SALMON 6  CLUSTER 

-o  FOLLOW  UP  WITH  TOM  RE:  OB  CONTROL  PANEL  ERROR 

CALL  BOB  RE:  MAIL  SERVER,  MAY  NEED  AN  OP&RftOE  ? 

*  PERFORM  SECURITY  AUDIT  ON  SERVERS  X,YZ- 
DEUVER  FULL  REPORT  BY  8 PH 

**  NETWORK  ARCH.  DIAGRAM  fDft  COLOG  FACILITY 

BOILD  NEW  BOX  U/  IIS  +  NSSQL  +  WIDOWS  MEDIA  SERVER 
Nil/ 
lOfcW 

m 

lOm 

m 


TiMY 

jm  cool 


w< 


Dual-Core  is  a  new  technology  designed  to  improve  performance  of  multithreaded  software  products  and  hardware-aware  multitasking  operating  systems  and  may  require  appropriate 
operating  system  software  for  full  benefit;  check  with  software  provider  to  determine  suitability;  not  aii  customers  or  software  applications  will  necessarily  benefit  from  use  of  this  technology. 
Requires  a  separately  purchased  64-bit  operating  system  and  64-bit  software  products  to  take  advantage  of  the  64-bit  processing  capabilities  of  the  Dual-Core  Intel  Xeon  Processor.  Given  the 


Dual-core. 
Do  more. 
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Meet  the  new  BladeSystem  c-Class  from  HP  —  the  only  one  to 
feature  Thermal  Logic  Technology. 

Thanks  to  our  intuitive  Thermal  Logic 
Technology,  now  you  can  assess  your 
power  usage  and  system  temperature  so 
you  can  respond  quickly  to  changing  needs. 
The  graphical  thermal  dashboard  provides 
you  with  an  instant  snapshot  of  the  power 
consumption,  heat  output  and  cooling  capacity  of  your  environment¬ 
al!  on  one  screen.  With  the  HP  BladeSystem,  you'll  have  the  ability  to 
lower  power  usage  and  heat  without  sacrificing  performance. 

Simply  plug  in  the  HP  ProLiant  BL460c  server  blade,  featuring  Dual-Core 
Intel®  Xeon®  Processors,  and  you'll  get  the  performance  and  versatility  you 
need  to  support  32-  and  64-bit  computing  environments. 

Using  the  HP  BladeSystem  for  your  business  will  keep  the  control  exactly 
where  it  should  be  — in  your  hands. 


To  experience  the  HP  BladeSystem  and  download 
an  IDC  White  Paper,  go  to  YouAlwaysHadlt.com/cool4 

Call  1-866-625-4087  or  visit  your  local  reseller 
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wide  range  of  software  applications  available,  performance  of  a  system  including  a  64-bit  operating  system  will  vary.  Intel’s  numbering  is  not  a  measurement  of  higher  performance.  Intel  the 
Intel  Logo,  Xeon  and  Xeon  Inside  are  trademarks  or  registered  trademarks  of  Intel  Corporation  or  its  subsidiaries  in  the  United  States  and  other  countries.  The  information  contained  herein  is 
subject  to  change  without  notice.  ©2006  Hewlett-Packard  Development  Company,  L.P. 


Is  there  a  simple  way  to  secure  your  network  so  that  only  your  employees  can  access  it? 
Yes.  Choose  Nortel.  We  provide  safe,  secure,  and  reliable  data  and  voice  communications 
all  over  the  world,  including  support  for  100  million  remote  workers  every  day. 
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BEA  focuses  on  flexible, 
collaborative  SOA 


BY  JENNIFER  MEARS 

As  IT  managers  continue  to  wrangle  with 
creating  and  managing  service-oriented 
architectures,  in  which  application  compo¬ 
nents  are  used  and  re-used  to  meet  busi¬ 
ness  demands,  BEA  Systems  is  focusing  on 
providing  an  underlying  open  platform  for 
cohesive,  companywide  SOA. 

The  infrastructure  software  vendor  took 
a  big  step  in  that  direction  last  week  when 
it  used  its  BEAWorld  user  conference  to 
launch  SOA  360,  a  new  platform  and 
approach  toward  deploying  service-ori¬ 
ented  applications.  SOA  360  uses  a  light¬ 
weight  Web  services  standard  that  BEA 
devised,  called  microService  Architecture, 
to  tie  together  pieces  of  formerly  disparate 
software  product  families,  as  well  as  to 
provide  a  platform  for  integrating  third- 
party  applications. 

The  idea  behind  SOA  is  that  applications 
are  broken  down  into  modular  services 
that  can  be  mixed  and  matched  according 
to  business  demands.  For  example,  if  an 
application  needs  to  communicate  with  a 
different  database,  a  service  component 
that  points  to  the  specific  database  is 
changed  while  the  rest  of  the  application 
remains  untouched.  In  the  past,  applica¬ 
tions  were  monolithic  and  every  change 
required  hefty  recoding. 

With  SOA  360,  customers  can  more  easi¬ 
ly  integrate  software  from  BEAs  three 
product  lines:  WebLogic,  which  is  used  for 
creating  Java-based  applications  and  Web 
services;  AquaLogic,  which  manages  and 
configures  SOA  applications;  and  Tuxedo, 
which  is  used  to  create  transaction-based 
applications. 


“What  you’re  seeing  is  the  ability  to  put 
[all  of  these  applications]  in  the  right  loca¬ 
tion  inside  the  SOA  life  cycle  and  connect¬ 
ing  all  of  them  through  a  unified  repository 
so  they  can  share  information,”  says  Rob 
Levy  BEAs  CTO. 

In  addition,  with  mSA,SOA  360  gives  cus¬ 
tomers  the  ability  to  only  pull  the  services 
—  or  parts  —  of  the  application  needed  for 
a  particular  business  process,  rather  than 
requiring  the  entire  application  environ¬ 
ment  every  time. 

“When  you  start  thinking  about  deploying 
an  SOA  environment  you  want  to  have  the 
flexibility  of  putting  in  only  the  pieces  you 
need  to  build  it,”  Levy  says.  “Today  people 
provision  a  complete  environment  regard¬ 
less  of  how  much  of  it  is  actually  going  to 
be  used  for  the  application  that  is  going  to 
be  deployed  on  top  of  it.” 

So  when  capturing  data,  for  example, 
there  is  no  need  to  deploy  a  large  Java  envi¬ 
ronment  on  a  server. ‘All  you  really  need  is 
a  Java  Virtual  Machine  container  so  you 
can  run  the  applet  and  the  data  services 
integration  component,”  Levy  says. 

SOA  360  is  made  up  of  a  number  of  soft¬ 
ware  pieces  (see  graphic).  BEA  plans  to 
componentize  all  of  its  middleware  prod¬ 
ucts  in  the  next  12  to  18  months,  Levy  says. 

Analysts  say  BEAs  new  SOA  360  approach 
reflects  an  industry  trend  in  which  infra¬ 
structure  software  vendors  such  as  IBM, 
Microsoft  and  Oracle  are  rolling  out  tools 
designed  to  better  manage  SOA  compo¬ 
nents.  WebMethods,  for  example,  earlier  this 
month  announced  plans  to  buy  Infravio,  a 
company  that  builds  software  to  manage 
the  pieces  within  an  SOA.  ■ 
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Simplifying  SOA 

BEA  Systems  used  its  BEAWorld  Conference  to  launch  a  simpler,  more  flexible 

approach  to  service-oriented  architecture  with  its  new  SOA  360  platform.  A  look 

at  announcements  from  the  show: 

•  Released  AquaLogic  Data  Services  Platform  2.5,  which  virtualizes  and  aggregates  data  repositories 
so  that  data  can  be  accessed  by  applications  regardless  of  data  type  or  location.  Pricing  not  released. 

•  Introduced  AquaLogic  Enterprise  Repository  2.5,  a  metadata  repository  built  on  technology  that  BEA 

acquired  with  Flashline  that  runs  on  WebLogic,  as  well  as  third-party  software  from  vendors  such  as 
IBM,  Microsoft  and  Oracle,  and  open  source  platforms  such  as  Apache  Tomcat.  Available  Sept.  29;  pricing 
not  released.  _ 

•  Announced  BEA  Guardian  Support  Service,  pre-emptive  software  support  for  WebLogic,  as  well  as 
select  AquaLogic  products.  To  be  released  in  December;  pricing  not  yet  disclosed. 

•  Unveiled  Services  Architecture  Leveraging  Tuxedo  1.1,  enabling  legacy  applications  built  in  the  Tuxedo 
transaction  management  environment  to  be  exposed  as  Web  services  and  become  part  of  an  SOA. 

•  Rolled  out  BEA  SOA  for  Executives,  a  package  of  consulting  and  education  services  designed  for  senior 
IT  executives  to  learn  about  the  business  benefits  of  SOA. 

•  Previewed  the  Workspace  360  family  of  products,  which  are  designed  to  bring  business.  IT  and 
developers  into  a  collaborative  environment  for  creating  services-based  applications.  The  products  will 
be  rolled  out  next  year,  when  pricing  also  will  be  announced. 


Introducing  the  Nortel  Secure  Router  Portfolio.  Finally,  a 
portfolio  that  provides  security  and  reliability,  ail  at  25%  less 
cost  than  the  leading  competitor.  It  is  time  to  turn  to  Nortel 
for  end-to-end,  converged  enterprise  network  solutions. 
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Google  ups  capacity  on  corporate  search  appliance 


BY  JOHN  FONTANA 

Google  last  week  shipped  a  ver¬ 
sion  of  its  Search  Appliance  that 
doubles  the  number  of  docu¬ 
ments  it  can  index  and  added 
support  for  10  new  languages. 


The  GB-8008  appliance  can 
search  up  to  30  million  docu¬ 
ments  across  a  corporation’s 
internal  content  and  Web  sites. 
The  previous  capacity  was  15  mil¬ 
lion.  The  appliance  is  based  on 


the  same  search  technology  used 
on  Google.com. 

While  the  capacity  of  30  million 
documents  is  the  largest  off-the- 
shelf  support  Google  offers,  the 
company  will  continue  to  provide 


custom-built  systems  for  users 
who  need  more  capacity 
Google  also  said  the  capacity  of 
the  GB-5005  was  being  doubled 
from  5  million  to  10  million  doc¬ 
uments.  Previously,  users  who 
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Building  a  Connected  World 


wanted  more  than  5  million  doc¬ 
uments  had  to  use  the  GB-8008. 
Earlier  this  year,  Google  doubled 
the  capacity  of  its  GB-1001  model 
from  1.5  million  to  3  million. 

Matt  Glotzbach,  senior  product 
manager  for  Google  Enterprise, 
says  the  company  plans  another 
major  release  of  the  Search  Appli¬ 
ance  before  year-end  and  that  the 
company  will  focus  on  improving 
search  relevancy  integration  with 
more  back-end  corporate  data 
repositories  and  security 

In  addition  to  the  capacity 
changes,  Google  also  added  a 
data-range  and  number-range 
search  options  that  allows  users  to 
define  searches  using  dates  and 
numbers,  including  prices. 

The  GB-8008  also  adds  10  lan¬ 
guages,  for  a  total  of  16:  Chinese 
(Simplified  &  Traditional),  Danish, 
Dutch,  English,  Finnish,  French, 
German,  Italian,  Japanese,  Korean, 
Norwegian,  Fbrtuguese  (Brazilian), 
Russian, Spanish  and  Swedish. 

Pricing  for  the  search  appli¬ 
ances  starts  at  $30,000  for  500,000 
documents.  In  May  Google  said  its 
search  technology  is  one  of  the 
cornerstones  in  its  strategy  to 
enter  the  enterprise  market.  The 
other  is  Google  Apps  for  Your  Do¬ 
main,  which  includes  e-mail, 
instant  messaging  and  calendar¬ 
ing,  that  Google  hopes  will  grow 
up  into  the  enterprise  on  the  back 
of  user  adoption. 

Over  the  past  year,  Google  has 
been  upgrading  its  corporate 
offerings. 

in  April  it  launched  Google  One- 
Box  for  Enterprise,  which  taps  into 
technology  that  Google  uses  on 
its  consumer  search  engine  that 
provides  specialized  results  when 
users  type  in  package  tracking 
numbers,  addresses  or  keywords. 

in  March,  it  added  to  its  Google 
Mini  search  lineup  with  a  version 
that  supports  50,000  documents, 
which  is  half  of  what  the  original 
Mini  handles.The  newest  Mini  fol¬ 
lowed  the  introduction  in  January 
of  two  new  models  of  Google 
Mini  that  handle  up  to  200,000 
and  up  to  300,000  documents. 

in  February  Google  introduced 
its  first  partnership  with  a  profes¬ 
sional  services  firm.  It  joined  with 
BearingFbint,  a  systems  integrator, 
to  launch  a  practice  centered  on 
search  using  the  Google  software 
platform  and  Googles  APIs  for 
integrating  the  Search  Appliance 
with  corporate  data  stores.B 
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security  with  the  capabilities  of  wikis. The 
DekiBox  sits  on  the  corporate  network 
behind  the  firewall,  enabling  IT  to  have  full 
control  over  data  usage  and  storage.  Infor¬ 
mation  is  XML-based,  which  allows  for  easy 
queries.  With  the  DekiBox,  users  can  fold 
RSS  feeds,  interactive  maps  and  other  Web 
services  into  their  collaborative  environ¬ 
ments.  The  DekiBox  also  includes  off-site 
backup  of  all  Wiki  pages,  content  and 
images  —  if  the  box  is  destroyed  or  stolen 
data  can  be  immediately  restored. 


InterCloud  Security  Service 

Company:  Trend  Micro 

Web  site:  www.trendmicro.com 

Details:  Currently  in  beta,  general  avail¬ 
ability  expected  in  2007. 

Challenge:  Botnet  zombie  attacks  are  on 
the  rise.  Enterprises  are  winding  up  on 
spam  blacklists,  bringing  productivity  to  a 
halt  and  jeopardizing  corporate  integrity. 
Companies  attempt  to  remediate  attacks  by 
inspecting  the  content  of  messages, but  this 
approach  can  be  processor-intensive. 

Solution:  Trend  Micros  InterCloud  Secu¬ 
rity  Service  uses  a  behavioral  model  to  ana¬ 
lyze  and  remediate  botnet  and  zombie 
attacks.  The  appliance  sits  on  the  edge  of 
the  network  and  acts  as  a  replacement  for 
an  organization’s  recursive  DNS  server,  says 
Paul  Moriarity  director  of  product  develop¬ 
ment  for  Internet  content  security  at  Trend 
Micro.The  service  monitors  each  computer 
on  the  network’s  activity,  watching  for 
anomalous  behavior.“If  a  computer  is  send¬ 
ing  a  lot  of  e-mail  over  a  short  period  of 
time,  it’s  probably  a  spambot,”  he  says.  The 
service  also  tracks  whether  machines  are 
visiting  well-known  botnet  command  and 
control  centers,  where  zombies  receive  in¬ 
structions.  Moriarity  says  managed  security 
services  help  IT  battle  this  growing  prob¬ 
lem.  “Managed  providers  are  able  to  con¬ 
stantly  identify  new  threats  and  patterns 
and  push  that  information  in  real  time  to 
appliances,”  he  says. 


VaporStream  Stream  Messaging 

Company:  Void  Communications 

Web  site:  www.vaporstream.com 

Details:  Basic  service  will  be  available  in 
early  2007  for  $40  per  month;  mobile  ser¬ 
vice  will  cost  $5  more  per  month. 

Challenge:  Federal  and  private  sector 
mandates  require  companies  to  keep 
records  of  e-mail  and,  in  some  cases,  in¬ 
stant  messages.  But  some  organizations, 
such  as  the  military  need  a  way  to  com¬ 
municate  without  a  permanent  record 
being  generated. 

Solution:  VaporStream  is  a  Web-based 
service  that  lets  users 
message  each  other 
with  their  standard  e- 
mail  addresses.  Users 
call  up  a  Web  page  that 
allows  them  to  enter 
the  recipient’s  address 
and  a  message.  Behind 
the  scenes,  the  mes¬ 
sage,  which  is  written 
in  plain  text,  is  trans¬ 
mitted  as  an  encrypted 
image  to  keep  the  in¬ 
formation  secure  and 
free  from  spam  and 
viruses.  Also,  the 
browsers  on  both  ends 
are  instructed  not  to 
cache  the  data.  Users 
cannot  edit,  forward  or 
save  the  messages,  and  replies  are  carried 
out  in  a  new  window.  “We  wanted  to  keep 
everything  RAM-based  to  truly  make  it 
recordless,”  says  CEO  Joseph  Collins.  The 
company  is  also  developing  an  enterprise 
edition  that  would  allow  IT  to  define  what 
a  record  is  as  well  as  enforce  user  policies 
and  access  controls. 

TotalView 

Company:  BeHere 

Web  site:  www.behere.com 

Details:  Device  and  software  are  available 
for  $2,000. 

Challenge:  Today’s  video- 
conferencing  systems  are 
one-dimensional,  with  no 
peripheral  vision  on  the 
cameras.This  leaves  many 
participants  in  a  board- 
room  or  other  group  setting 
unable  to  fully  participate 
and  engage  with  other 
attendees.  In  addition, 
many  audioconferencing 
systems  are  based  on  traditional  voice  lines 
and  do  not  take  advantage  of  a  company’s 
investment  in  VoIP  “Historically  corporate 
videoconferencing  has  been  difficult  to  use 
and  expensive.  The  camera  is  often  sepa¬ 
rate  from  the  action  and  unless  people 
know  how  to  huddle  in  one  place  or  other 
conferencing  etiquette,  meetings  are  ineffi¬ 
cient,”  says  Stephen  Von  Rump,  president 
and  CEO  of  Be  Here. 


Solution:  The  TotalView  conferencing  sys¬ 
tem  is  an  appliance  that  melds  VoIP  and 
videoconferencing.  The  camera/phone 
combo,  which  is  placed  in  the  center  of  the 
room,  captures  audio  and  video  from  the 
entire  room  and  streams  it  to  remote  partic¬ 
ipants.  Remote  attendees  can  individually 
navigate  the  camera  to  create  a  separate 
view  of  the  room  in  a  multipane  navigator. 
Users  can  also  access  instant  messaging, 
files  and  Windows  applications  to  share  in¬ 
formation  during  meetings. 

Electronic  Shelf  Label  (ESL)  System 

Company:  W5  Networks 
Web  site:  www.w5networks.com 
Details:  Wireless  shelf  tags,  access  points 
and  software  available  for  $3.50  per  label. 

Challenge:  Retailers, such  as  grocery  store 
chains,  spend  exorbitant  amounts  in  labor 
to  update  paper  shelf  labels.  A  typical 
supermarket  chain  manually  changes  thou¬ 
sands  of  paper  labels  each  week,  which  can 
cost  more  than  $100,000  per  store  per  year 
in  labor, according  to  Richard  White, CEO  of 
W5  Networks.  Manual  processes  lead  to 
accuracy  issues, as  prices  on  products  often 
do  not  match  shelf  tags. 

Solution:  W5  Networks  developed  the 
ESL  System  to  eradicate  the  need  for 
paper  shelf  labels.The  pro¬ 
prietary  wireless  net¬ 
work,  which  operates 
between  the  4.8-MHz  and 
5.6-MHz  frequency,  in¬ 
cludes  battery-powered 
LCD  shelf  displays, access 
points  and  back-end  soft¬ 
ware.  White  says  the  net¬ 
work  uses  an  alternate  fre¬ 
quency  from  Wi-Fi  and 
RFID  because  of  problems  with  interfer¬ 
ence.  “That  space  is  getting  crowded,  and 
many  retail  environments  are  running  hot 
spots  or  voice  over  IP  or  other  wireless 
applications,”  he  says.  The  server  taps  into 
pricing  information  that  is  regularly  down¬ 
loaded  to  stores  and  automatically  trans¬ 
mits  updates  to  the  tags  via  two-way  radio. 
White  says  the  automated  tagging  system 
also  allows  stores  to  offer  short-term  sale 


Trend  Micro's  Intercloud  Security  Service  aims  to  stop  botnet  and 
zombie  attacks. 


The  ESL  System  lets  retailers 
update  prices  on  items  faster. 


promotions  and  make  use  of  price  opti¬ 
mization  data. 

Genius  Interactive 

Company:  Genius.com 

Web  site:  www.genius.com 

Details:  Service  is  available  for  $69  per 
user  per  month. 

Challenge:  Company  Web  sites  are  often 
static, yet  salespeople  rely  on  those  pages  to 
help  sell  their  products.  “Salespeople  don’t 
have  visibility  into  how  their  prospects  are 
using  the  Web  site.They  don’t  know  what  is 
being  looked  at  or  considered,”  says  David 
Thompson,  CEO  of  Genius.com.Thompson 
says  high-end  CRM  tools  demand  a  lot  from 
IT  in  terms  of  development,  infrastructure 
and  management. 

Solution:  Genius  Interactive  is  an  AJAX- 
based,  on-demand  service  that  lets  com¬ 
panies  track  how  customers  are  using 
their  site  as  well  as  personalize  the  experi¬ 
ence  and  interact  with  them.  The  cus¬ 
tomer  clicks  on  a  link  and  the  browser 
kicks  off  the  dynamic  application,  which 
notifies  sales  representatives  via  e-mail  or 
SMS  that  the  customer  is  on  the  site.  The 
sales  representative  can  bookmark  prod¬ 
uct  pages  with  virtual  notes  or  special 
coupons,  or  chat  live  with  the  customer. 
The  customer’s  movements  are  tracked 
with  Genius.com’s  proxy  server. Thompson 
says  there  is  no  need  for  IT  involvement 
because  users  can  sign  up  for  the  service 
themselves.  However,  he  says  a  future  ver¬ 
sion  of  Genius  Interactive  will  empower  IT 
with  controls  to  make  sure  that  corporate 
policies  are  followed  and  that  the  data 
gathered  is  automatically  folded  into 
back-end  systems. 

Gittlen  is  a  freelance  technology  writer  in 
Northboro,  Mass.  She  can  be  reached  at  sgit 
tlen@charter.net. 
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first  quarter  of  2007.“We  are  deal¬ 
ing  with  the  largest  of  the  billing 
systems  upfront,”  Landry  says. 
“There  are  some  we  won’t  con¬ 
vert.  The  products  will  atrophy 
and  the  systems  will  rust  away 
over  time.” 

Landry  declined  to  say  which 
systems  will  rust  away, not  wanting 
to  confuse  customers.  The  four 
core  billing  systems  are  whole¬ 
sale,  a  “boutique  biller  for  ultra 
high-end  customers,”  a  local  ex¬ 
change  carrier  biller  and  a  data 
biller  that  will  cover  everything 
else,  he  says. 

But  before  Verizon  gets  down  to 
four  systems,  it  is  making  changes 
that  should  improve  billing  incre¬ 
mentally  These  include  standard¬ 
izing  on  one  data  format  for  col¬ 
lecting  bill  information,  integrat¬ 
ing  legacy  MCI  and  Verizon  cus¬ 
tomer  portals,  and  implementing 
a  new  contract  rate  review  plat¬ 
form  that  promises  to  improve 
accuracy 

Verizon  is  standardizing  on  a 
common  data  format  that  lets  it 
conduct  electronic  billing  across 


all  systems,  Landry  says.  VZ450,  a 
format  used  within  Verizon  pre¬ 
merger,  feeds  Verizon  Business’ 
portal,  bill  analysis  tool  and  elec¬ 
tronic  data  interchange  (EDI)  out¬ 
puts,  and  will  be  accessible  to  cus¬ 
tomers  via  programs  such  as  tele¬ 
com  expense  management 
(TEM)  software,  he  says. 

Customer  Liz  Friedman  is  en¬ 
couraged,  saying  it  would  be  nice 
to  get  one  bill  for  all  local  service. 

“I  [currently]  get  Verizon  bills 
from  all  of  the  separate  regional 
entities,”  says  Friedman,  a  net¬ 
work-provisioning  manager  at 
NYCE  Payment  Networks,  a 
Metavante  company  in  Secaucus, 
N.J.  “Verizon  New  Jersey,  Verizon 
New  England.  It  would  be  nice  to 
get  one  bill  for  all  local  service, 
she  says. 

“1  use  TEM  software,  so  if  I  could 
get  the  carriers  to  electronically 
bill  it  would  be  beautiful.  Even 
providing  data  on  a  CD  that  could 
be  uploaded  would  be  helpful,” 
Friedman  says.“We  are  going  to  be 
pounding  on  their  door  harder 
and  harder  to  get  that  done.” 

Verizon  says  by  November  cus¬ 
tomers  will  be  able  to  access  the 
new  information  at  the  company’s 


M It’s  nice  knowing  they  have  a  plan.** 

Larry  Van  Etten,  a  senior  manager  at  IKON  Office  Solutions' tele¬ 
com  service  center  in  Buffalo,  on  AT&T  merging  its  billing  systems 
with  those  of  SBC. 


portal  for  the  majority  of  its  busi¬ 
ness  services.  Also  by  then, Verizon 
will  be  doing  away  with  the  old 
MCI  customer  portal,  Landry  says, 
adding  that  customers  can  get  a 
better  understanding  of  their  total 
spend  when  accessing  data  from 
a  single  view. 

Verizon  also  is  developing  a 
National  Summary  Statement. 
This  will  be  a  total  cost  report 
that  is  more  geared  toward  gen¬ 
eral  business  management  than 
telecom  expense  managers, 
Landry  says. 

The  carrier  also  is  attempting  to 
simplify  how  it  processes  new 
and  revised  contract  rates  with  its 
billing  system. 

“We  will  see  the  benefit  .  .  . 
toward  the  end  of  next  year,” 
Landry  says.  The  carrier  goes 
through  110  processes  when 
doing  contract  rate  review  for 
an  invoice.  That  number  will  go 


Avocent:  Use  your  Blackberry 
to  manage  your  network 


BY  JENNIFER  MEARS 

KVM  switch  and  network  infra 
structure  management  firm 
Avocent  last  week  used  the 
Interop  conference  to  introduce  a 
revamped  version  of  SonicAdmin, 
which  gives  IT  administrators  the 
ability  to  fix  network  problems 
from  anywhere  via  a  mobile 
device. 

SonicAdmin  is  software  Avocent 
gained  through  its  acquisition  of 
Sonic  Mobility  in  2004.  While 
Avocent  has  offered  the  Sonic¬ 
Admin  package  in  the  past,  it  is 
now  announcing  a  version  com¬ 
pany  executives  say  will  simplify 
Windows  server  management. 

SonicAdmin  QR  (Quick  Re¬ 
sponse)  starts  at  about  $100  per 
user  and  SonicAdmin  Pro 
(Power  Admin)  starts  at  about 
$400  per  user. 

Both  products  enable  system  administrators  to 
gain  access  to  Windows  servers  according  to  their 
Active  Directory  rights,  all  via  a  Blackberry  or  any 
handheld  device  running  Windows  Mobile  5. 

Once  IT  administrators  have  access  to  a  server  they 
are  able  to  perform  a  range  of  activities  including 


Avocent's  SonicAdmin  lets  network 
administrators  use  their  mobile 
devices  to  fix  network  problems. 


viewing  overall  server  health  sta¬ 
tistics,  shutting  down  and  reboot¬ 
ing  servers,  reviewing  event  logs, 
killing  processes  and  managing 
Active  Directory  user  accounts. 

SonicAdmin  Pro  provides  addi¬ 
tional  capabilities,  such  as  direct 
access  to  Exchange  servers  in 
order  to  freeze  queues  should  a 
virus  cause  errant  e-mails,  for 
example,  or  to  change  user  pass¬ 
words. 

“Now  [with  SonicAdmin]  an 
administrator  is  not  only  able  to 
receive  e-mails  and  [Windows 
Systems  Management  Server] 
alerts  to  situations,  he’s  actually 
able  to  act  on  them  using  a 
mobile  device  to  do  his  job,”  says 
Kyle  Peterson,  director  of  product 
marketing  for  Avocent  Mobile 
Technologies. 

SonicAdmin  is  managed  by  the  SonicAdmin  serv¬ 
er,  which  runs  on  Windows  Server  2000  or  2003,  and 
relays  communication  between  the  mobile  device 
and  the  target  servers.  Wireless  communication  is 
encrypted  and  the  SonicAdmin  authenticates  each 
command  before  it  is  sent  to  the  target  server.  Agents 
do  not  need  to  be  installed  on  target  servers.  ■ 


down,  he  says.  “It  will  be  more 
about  building  quality  in  rather 
than  repeated  inspections,”  he 
says. 

AT&T's  plan 

AT&T  is  keeping  details  of  its 
plans  quieter.  The  company  de¬ 
clined  to  be  interviewed  for  this 
story,  providing  this  prepared 
statement: 

“Our  merger  integration  is  on 
track  and  ahead  of  schedule.  And, 
enterprise  customer  billing  inte¬ 
gration  is  no  different  than  any 
other  aspect  of  the  merger  inte¬ 
gration  in  that  respect,”  says  Ihor 
Zyga,  vice  president  of  billing 
solutions  for  AT&T“ ...  By  the  end 
of  [the  fourth  quarter  of  2006]  we 
will  begin  delivering  IT  capabili¬ 
ties  for  service  delivery,  assurance, 
and  billing  to  migrate  and/or  inte¬ 
grate  existing  legacy-SBC  cus¬ 
tomers  with  AT&T  enterprise  plat¬ 
forms.  And,  we  will  increase  capa¬ 
city  of  major  enterprise  ordering 
and  contracting  systems  to  sup¬ 
port  legacy-SBC  user  volumes. 
These  two  activities  will  provide 
the  greatest  impact  to  our  enter¬ 
prise  customers  from  a  billing 
standpoint.” 

The  carrier  is  telling  users  that 
the  SBC  electronic  billing  plat¬ 
form  is  being  phased  out  and  all 
e-billing  is  being  moved  to  legacy 
AT&T  systems.  It  shared  this  and 
other  billing  integration  plans  at  a 
user  group  meeting  for  TEM  ven¬ 
dor  Rivermine  in  mid-September, 
says  Larry  Van  Etten,  a  senior  man¬ 
ager  at  IKON  Office  Solutions’ 
telecom  service  center  in  Buffalo. 

“It’s  nice  knowing  they  have  a 
plan,”  he  says. 

Van  Etten  says  he  was  originally 
under  the  impression  that  SBC’s 
electronic  billing  platform  had 
won  out.“We  were  blown  awayfhe 
says.  “The  issue  for  us  is  we  were 


not  an  AT&T  customer.  They’re 
now  getting  us  back  by  default.” 

AT&T’s  plans  raise  questions  for 
others. 

“SBC  has  been  trying  forever  to 
get  an  e-billing  system  and  I  have 
not  been  able  to  accomplish  that 
with  them,”  NYCE’s  Friedman 
says.  “It  would  be  great  to  have 
electronic  billing  from  all  of  AT&T, 
but  I’m  hearing  from  AT&T  they 
don’t  see  this  coming  for  years." 

Since  the  merger,  the  carrier  has 
changed  the  company  name  on 
invoices  and  NYCE  has  seen  im¬ 
provements  in  circuit  implemen¬ 
tations  and  customer  service  on 
billing  issues,  Friedman  says.  But 
“as  far  as  e-billing  and  getting  ac¬ 
cess  to  all  services  on  AT&T  busi¬ 
ness  direct  [the  carrier’s  customer 
portal]  or  with  an  EDI  view  in  any 
combined  way  that’s  not  happen¬ 
ing,”  she  says. 

SBC’s  track  record  for  providing 
visibility  into  its  billing  and  other 
operations  hasn’t  been  strong, 
says  Rick  Valencia,  founder  and 
chairman  at  ProfitLine,  a  com¬ 
pany  that  offers  telecom  procure¬ 
ment  to  payment  services  for 
large  enterprise  companies. 

“No  one  will  believe  SBC  is 
working  on  a  converged  billing 
platform,” he  says.“We’re  waiting  in 
anticipation  to  see  what  it  will  be.” 

Van  Etten  has  asked  to  be  part 
of  AT&T’s  beta  program  to  have 
legacy  SBC  customers  migrate 
over  to  the  AT&T  platform.  IKON 
will  have  to  build  a  new  bill 
reader  so  the  AT&T  e-bills  can  be 
directly  fed  into  IKON’s  TEM  sys¬ 
tem  from  Rivermine.  After  that 
user  meeting,  IKON  got  in  touch 
with  its  AT&T  sales  representa¬ 
tives  to  discuss  the  beta  program 
and  learned  that  word  of  the 
billing  consolidation  plan  hadn’t 
trickled  down  to  all  of  them  yet, 
Van  Etten  says. 

The  office  supplies  company 
also  a  Verizon  customer,  has  been 
working  closely  with  that  carrier 
as  well  in  testing  out  its  e-billing 
system.  “We’re  taking  one  test  bill 
per  month,”  he  says.  “There’s  still 
work  ahead,  but  we  know  we’re 
making  progress.”® 


NEWS  ALERTS 


Hate  hunting  for  stories  on  a  specific  topic?  Let  the  news  come  to  you  with 
Netwrt  Hfcnfcft  latest  news  alerts  —  with  focuses  on  security,  financials, 
standards,  trade  show  news  and  vendor-specific  news. 

www.networkworld.com  Sign  up  today  DocTindor:  1M2 


wmmTi 


Fastlron  SuperX 


PJJ TJ 

:  Q', 

FT  TfWi 

i±Trrn 

smH 

FTTlTTl 

«> 

ft 

L  Til  ITj 

0 

0 

r  i  t  i  t  t  ~t 

l.Xj 

nriiui 

ft 

rtTlIij 

|F  YOU’RE  CONSIDERING  VOICE  OVER  IP  TELEPHONY,  CONSIDER  YOUR  OPTIONS: 

■  ONLY  FOUNDRY  NETWORKS  GIVES  YOU  A  TRUE  VENDOR  AGNOSTIC  SOLUTION  THAT 

■ 

WORKS  WITH  THE  EQUIPMENT  YOU  CHOOSE  -  OR  ALREADY  HAVE.  SO  WHETHER 

YOU’RE  USING  AVAYA,  SIEMENS,  CISCO  OR  NORTEL,  FOUNDRY  NETWORKS  GIVES 
VOICE  TO  YOUR  NETWORK! 


Foundry’s  integrated  Power  over  Ethernet-  and  Quality  of  Service-based  switches  deliver  the  most  scalable,  secure  VoIP 
architecture,  with  the  lowest  latency  and  highest  performance  for  both  wired  and  wireless  IP  telephony.  Foundry  sup¬ 
ports  all  the  VoIP  features  you  need,  including  automatic  phone  discovery,  embedded  endpoint  security,  dynamic  L2-3 
QoS  support  and  wireless  mobility.  And  only  Foundry  lets  you  select  best-of-breed  or  low-cost  IP  phones,  conferencing, 
PBX,  and  voice/media  gateway  solutions  and  be  assured  of  full  compatibility. 

Want  VoiP?  Get  Foundry.  No  Compromise. 

Visit  us  Today  at  www.foundrynetworks.cqm/voip 

OR  CALL  US:  1  SSS  TURBOLAN  INTERNATIONAL-.  +1  408.586.1700 


FOUNDRY* 

NETWORKS 

The  Power  of  Performance™ 


Foundry  Networks,  Inc.  is  a  leading  provider  of  high-performance  Enterprise  and  Service  Provider  switching,  routing  and  Web  traffic  management  solu¬ 
tions  including  Layer  2/3  LAN  switches. 

Layer  3  Backbone  switches.  Layer  4-7  Web  switches,  wireless  LAN  and  access  points,  access  routers  and  Metro  routers. 

©  2005  Foundry  Networks,  the  Foundry  logo,  Fastlron  SuperX,  The  Power  of  Performance  and  Foundry  are  trademarks  of  Foundry  Networks,  Inc. 

All  other  marks  are  trademarks  of  their  respective  owners. 
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STORAGE 


Deduplication:  Stop  repeating  yourself 

New  storage  techniques  can  save  disk  space  and  speed  backups. 


Getting  rid  of  repetition 

A  variety  of  vendors  employ  data  deduplication  or  reduction 

in  their  appliances.  *n"''ne  ?r  I108*' 

processing 

Company/software  Where  software  runs  implementation 


ADIC  /Rocksoft  Blocklets 

Deployed  with  other  vendors'  storage  appliances. 

Either 

Asigra  /Televaulting 

Windows,  Linux  or  Unix  server 

In-line 

Avamar/Commonality  Factoring 

Axion  appliance 

In-line 

Copan  Systems/future  product 

Revolution  Appliance 

Postprocessing 

Data  Domain/Capacity  Optimized 
Storage  (COS) 

DD400  Enterprise  Series  or  DDX  Scalable  COS 
Array 

In-line 

Diligent/Hyperfactor 

ProtecTIER  virtual  tape  library  appliance 

In-line 

Falconstor/Single  Instance 
Repository 

Used  on  virtual  tape  libraries  from  EMC,  IBM, 
McData,  Sun. 

In-line 

Microsoft/Single  Instance 
Storage 

Windows  Storage  Server  R2  appliances 

In-line 

Sepaton/DeltaStor 

S2100-ES2  virtual  tape  library  appliance 

Postprocessing 

Data  deduplication,  data  reduction, 
commonality  factoring,  capacity 
optimized  storage  —  whatever  you 
call  it  —  is  a  process  designed  to 
make  network  backups  to  disk  faster  and 
more  economical. 

The  idea  is  to  eliminate  large  amounts  of 
redundant  data  that  can  chew  up  disk 
space.  Proponents  also  say  it  enables  you  to 
make  more  data  available  online  longer  in 
the  same  amount  of  disk. 

In  deduplication,  as  data  is  backed  up  to 
a  disk-based  virtual  tape  library  (VTL) 
appliance,  a  catalog  of  the  data  is  built.This 
catalog  or  repository  indexes  individual 
bits  of  data  in  a  file  or  block  of  information, 
assigns  a  metadata  reference  to  it  that  is 
used  to  rebuild  the  file  if  it  needs  to  be  re 
covered  and  stores  it  on  disk.  The  catalog 
also  is  used  on  subsequent  backups  to 
identify  which  data  elements  are  unique. 
Nonunique  data  elements  are  not  backed 
up;  unique  ones  are  committed  to  disk. 

For  instance,  a  20-slide  PowerPoint  file  is 
initially  backed  up. The  user  then  changes  a 
single  slide  in  the  files,  saves  the  file  and  e- 
mails  it  to  10  counterparts.  When  a  tradi¬ 
tional  backup  occurs,  the  entire  PowerPoint 
file  and  its  10  e-mailed  copies  are  backed 
up.  in  deduplication,  after  the  PowerPoint 
file  is  modified,  only  the  unique  elements 
of  data  —  the  single  changed  slide  —  is 
backed  up,  requiring  significantly  less  disk 
capacity. 

“The  data-reduction  numbers  are  great,” 
says  Randy  Kerns,  an  independent  storage 
analyst.“Most  vendors  are  quoting  a  20-to- 
1  capacity  reduction  by  only  storing 
uniquely  changed  data.” 

Data  deduplication  uses  a  couple  of 
methods  to  identify  unique  information. 
Some  vendors  use  a  cryptographic  algo¬ 
rithm  called  hashing  to  tell  whether  data  is 
unique.The  algorithm  is  applied  to  the  data 
and  compared  with  previously  calculated 
hashes.  Other  vendors, such  as  Diligent,  use 
a  pattern-matching  and  differencing  algo¬ 
rithm  that  identifies  duplicate  data.  Diligent 
says  this  method  is  more  efficient,  because 
it  is  less  CPU-  and  memory-intensive. 

Data  deduplication  software  is  being 
deployed  either  on  disk-based  backup 
appliances  or  VTL  boxes  that  emulate  the 
operations  of  a  tape  library.  Among  the  ven¬ 
dors  implementing  deduplication  on  de¬ 
vices  appliances  are  Asigra.Avamar,  Copan 
Systems,  Data  Domain,  Diligent,  Exagrid 


and  Sepaton.  Vendors  such  as  ADIC  (since 
acquired  by  Quantum),  Falconstor  and 
Microsoft  provide  deduplication  software 
for  implementation  on  other  vendors’  in¬ 
dustry  standard  servers  or  appliances. 

Kevin  Fiore,  vice  president  and  director  of 
enterprise  engineering  at  Thomas  Weisel 
Partners  in  Boston,  has  seen  the  advantages 
of  deduplication. 

“We  were  looking  to  replace  our  tape 
backup  environment  and  get  rid  of  the 
problems  associated  with  tape,”  says  Fiore, 
who  uses  six  Data  Domain  DD4000  Enter¬ 
prise  Series  disk-based  backup  appliances. 

“To  get  30  days  of  backup  data  online,  we 
were  looking  at  having  to  buy  60  to  80  tera¬ 
bytes  of  disk,” Fiore  says.“With  Data  Domain 
disk-based  appliance,  the  worst  we  get  is  a 
compression  ratio  of  19-to-l.On  one  site  we 
get  a  39-to-l  compression  ratio.” 

Fiore  says  that  deduplication  is  also  help¬ 
ing  him  redefine  how  he  treats  his  data. 

“Now  we  can  keep  data  online  for  40  to  45 
days,”  Fiore  says. “The  data  we  would  need 
to  restore  —  the  databases  or  Exchange 
data  —  is  now  online  longer  and  the  data 
we  wouldn’t  retrieve  isn’t. 

“Another  reason  for  deduplicating  data  is 
to  reduce  the  amount  of  data  being  repli¬ 
cated  across  sites  for  disaster  recovery 

James  Wonder,  director  of  online  technol¬ 
ogy  for  the  American  Institute  of  Physics  in 
Melville,  N.Y,  backs  up  and  replicates  data 


to  another  site. 

“One  of  the  main  reasons  i  bought 
Sepaton’s  VTL  is  their  road  map  for  dedu¬ 
plication,”  says  Wonder,  who  backs  up  20TB 
of  data. 

“To  replicate  data  to  another  site  takes  a 
pretty  big  pipe.  With  Sepaton’s  DeltaStor 
[deduplication] ,  we  don’t  need  to  have  a 
huge  pipe,  because  we  are  replicating  less 
data  over  time.”  Sepaton’s  deduplication, 
which  resides  on  its  S2100-ES2  VTL  appli¬ 
ance,  is  in  beta  test  and  scheduled  to  be 
available  in  December. 

Steven  Bilby  director  of  IT  for  the  Chero¬ 
kee  Nation  Enterprises  Catoosa,  Okla.,  is  an 
Avamar  customer,  who  also  uses  dedupli¬ 
cation  to  reduce  the  amount  of  data  he 
backs  up.  He  says  he  hopes  to  build  repli¬ 
cation  capability  to  a  remote  disaster-recov¬ 
ery  site  in  Tahlequah,  Okla.,  next  year. 

“The  commonality  factoring  reduces  the 
amount  of  data  we  back  up  and  replicate,” 
says  Bilby,  who  is  backing  up  6TB  of  data. 
“Once  we  did  the  full  backup  and  then  sub¬ 
sequent  backups,  we  saw  a  reduction  in  the 
data  we  were  backing  up  of  99%. 

Dedupe  differentiation 

Data  deduplication  differs  from  compres¬ 
sion  in  that  compression  looks  only  for  re¬ 
peating  patterns  of  information  and  re¬ 
duces  them.  Brad  O’Neill,  senior  analyst 
with  the  Taneja  Group,  offers  this  example: 


The  pattern  of  data  ‘1234123412341234 
12341234’ would  be  compressed  to ‘6  1234’ 
or  6x1234  —  a  fivefold  compression  of  24 
digits.  Data  duplication  would  result  in  re¬ 
ducing  the  unique  data  initially  to  four  dig¬ 
its  —  1234  —  and  subsequent  backups 
would  recognize  that  no  additional  unique 
data  was  being  transmitted, so  it  would  not 
be  backed  up. 

Deduplication  also  differs  from  incre¬ 
mental  backups  in  that  only  the  byte-level 
changes  are  backed  up.  In  incremental 
backups,  entire  files  or  blocks  of  informa¬ 
tion  are  backed  up  when  they  change.  For 
instance,  in  a  file,  a  user  changes  the  single 
word  ‘Bob’  to  ‘Steve’  and  saves  the  file.  When 
the  system  backs  up  this  data  incrementally 
rather  than  just  backing  up  the  unique  data 
—  ‘Steve’  —  it  backs  up  the  entire  file.  Data- 
deduplication  technology  would  recognize 
that ‘Steve’  is  the  only  unique  element  of  the 
file  and  thus  back  it  up  solely 

The  size  of  the  catalog  and  cache  are  also 
important  in  differentiating  deduplication 
products. 

“The  efficiency  of  deduplication  technol¬ 
ogy  all  comes  down  to  how  the  index  is 
architected  and  how  large  it  is, ’’O’Neill  says. 
“For  instance,  Diligent  spends  a  lot  of  time 
talking  about  the  speed  and  size  of  its 
index  —  that  it’s  small  and  resides  com¬ 
pletely  in  RAM.” 

Data  deduplication  takes  place  by  two 
methods  —  in-line  or  postprocessing.  With 
in-line  processing,  data  is  deduplicated  as  it 
is  backed  up;  in  postprocessing,  data  is  de¬ 
duplicated  after  it  is  backed  up. 

Analysts  say  there  is  not  much  difference 
in  the  outcome  between  using  either 
method. 

“The  in-line  vendors  make  claims  about 
performance  and  scalability;  the  postpro¬ 
cessing  vendors  are  generally  making  the 
same  claims,”  O’Neill  says.  “From  every¬ 
thing  1  see.it  comes  down  to  the  particular 
workload  profile  of  the  user.  One  of  the  dis¬ 
advantages  of  postprocessing  is  it  can 
potentially  extend  the  time  it  takes  to 
backup  the  data.” 

ADIC,  Asigra,  Avamar,  Data  Domain, 
Diligent,  Falconstor  and  Microsoft  all  use  in¬ 
line  processing;  Copan  and  Sepaton  use 
postprocessing. ADIC  can  use  either.* 

STORAGE 
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BE  PREPARED.  FOR  A  FREE  COPY  OF  “SUNGARD'S  PANDEMIC  PREPAREDNESS  CHECKLIST’' 
VISIT  WWW.AVAILAB1LITY.SUNGARD.COM/PANDEMIC  OR  CALL  1-800-468-7483; 


Quick,  take  a  snapshot.  Suddenly  part  of  your  IT 
infrastructure  is  inaccessible.  What  happens  to 
your  business? 

SunGard’s  advanced  recovery  solutions  help  get 
you  back  up  and  running.  Fast.  We  provide 
extensive  options  to  fit  your  exact  requirements, 
from  tape  or  disk  backup,  to  data  replication, 
mirroring,  hotsites,  mobile  solutions  and  more. 

Meet  your  objectives  with  confidence.  For  over 
28  years,  through  2,100  recovery  situations, 
we’ve  delivered  a  100%  success  rate.  With 
solutions  that  achieve  precise  recovery  time- 
frames,  locations  and  data  points. 

And  you  can  maintain  that  control  as  your 
business  evolves.  With  access  to  some  of  the 
most  extensive  data,  system  and  network 
resources  available  anywhere.  Reach  higher 
levels  of  Information  Availability,  at  a  fraction  of 
the  cost  of  building  the  infrastructure  yourself. 

The  right  solution  for  today.  Strong  preparation 
for  tomorrow.  Let  SunGard  show  you  how  to 
expect  the  unexpected. 


SUNGARD8 

Availability  Services  Connected ™ 

680  East  Swedesford  Road,  Wayne  PA  19087 
800-468-7483  |  www.availability.sungard.com 


ADVERTISING  FEATURE 


44  •  www.networkworld.com  •  9.25.06 


In  Their 

WORDS 

Vendor  Solutions  for  Your  IT  Challenges 

COMPANY:  Netcordia 

OVERVIEW:  Founded  in  2000,  Netcordia  develops 
NetMRI,  an  automated  Best  Practices  based  network 
management  appliance.  NetMRI  is  the  most  comprehen¬ 
sive,  fully  integrated  network  diagnostic  tool  for  enter¬ 
prise  and  government  networks. This  plug  and  play  unit 
allows  a  network  engineer  to  easily  and  quickly  identify 
issues  with  respect  to  VoIP,  configuration  compliance, 

VLAN,  and  IP  within  the  network. 

CHALLENGE:  As  technology  is  becoming  an  integral 
part  of  everyday  business,  enterprises  are  placing  more 
rigorous  demands  on  their  networks,  expecting  high 
reliability,  rapid  response  time,  consistency  and  compli¬ 
ance.  These  demands  have  network  engineers  searching 
for  a  way  to  proactively  and  cost-effectively  manage  the 
network  infrastructure  without  utilizing  too  much  staff 
time  and  energy. 

SOLUTION:  Netcordia  provides  the  solution  with 
NetMRI,  an  award-winning  network  analysis  appliance 
that  goes  beyond  reporting  to  provide  analysis  based 
upon  expert  rules  and  best  practices.  With  NetMRI,  net¬ 
work  managers  can  optimize  their  networks,  pinpointing 
and  solving  present  and  potential  hot  spots.  What  may 
have  previously  taken  numerous  IT  professionals  hun¬ 
dreds  of  hours  to  uncover,  a  single  NetMRI  unit  now  easily 
finds  in  minutes. 

Monitoring  and  network  management  tools  typically 
capture  statistics  from  interfaces,  links  and  protocols, 
draw  maps  and  graphs  and  send  real  time  alerts  about 
fault  conditions.  NetMRI  correlates  the  statistics  and 
applies  rules  of  logic  for  troubleshooting  in  a  useful 
browser-based  view  or  report.  NetMRI  takes  the  next  step 
with  its  configuration  capabilities  that  allow  customers  to 
automatically  fix  problems,  and  create  their  own  custom 
best  practices.  NetMRI  establishes  accuracy,  integrity  and 
reliability  in  significantly  less  time  than  legacy  offerings. 

•  DiagnosticBase™  best  practices  built  in 

•  Automatically  discovers  entire  infrastructure, 
analyzes  it,  and  makes  suggestions 

•  Easy  to  understand,  self  running 

•  Low  total  cost  of  ownership 

Netcordia" 

NetMRI’ 

410-266-6161 

www.netcordia.com 


COMPANY:  The  Siemon  Company™ 

OVERVIEW:  Established  in  1903,  Siemon™  special¬ 
izes  in  the  manufacture  and  innovation  of  high- 
performance  network  cabling  solutions.  One  of  only 
three  network  cabling  companies  with  true  global 
capabilities,  Siemon  offers  the  most  comprehensive 
suite  of  copper  and  fiber  cabling  systems  available. 

With  over  400  active  patents  specific  to  structured 
cabling,  Siemon  Labs™  invests  heavily  in  R&D  and 
industry  standards,  underlining  the  company's  long¬ 
term  commitment  to  its  customers  and  the  industry. 

CHALLENGE:  According  to  the  London  Metal 
Exchange,  the  price  of  copper  has  tripled  in  the  past 
four  years,  rising  over  59%  between  January  and  May 
of  2006  alone.  With  copper  prices  soaring  globally  and 
showing  little  signs  of  stabilizing,  network  cabling  com¬ 
panies  have  been  forced  to  adjust  copper  cable  pricing 
accordingly. 


SOLUTION:  Through  the  standards-accepted  practice 
of  cable  sharing,  Siemon's  fully-shielded  category  7/class 
FTERA®  cabling  system  allows  up  to  4  applications  to 
run  over  a  single  cable,  potentially  reducing  the  num¬ 
ber  of  copper  cabling  channels.  By  virtue  of  individually 
foil-wrapped  pairs  and  overall  screen,  S/FTP  cable  allows 
multiple  applications  to  run  without  internal  interference. 

S/FTP  cable  construction  is  further  supported  by  the 
TERA  4-quandrant  isolated  outlet  which  can  be  easily 
terminated  in  less  than  3  minutes.  Fitting  within  a  stan¬ 
dard  RJ  footprint,  the  combination  of  theTERA  outlet 
and  TERA  to  RJ  patch  cords  allows  simple  facilitation  of 
cable  sharing.  As  with  traditional  cabling  channels,  all 
four  pairs  of  each  cable  are  terminated  in  a  single  outlet. 
However,  unlike  an  RJ  interface,  theTERA  outlet  can 
support  up  to  4  one-pair  cords,  2  two-pair  cords  or  a 
combination  of  the  two,  without  the  need  for  additional 
splitters  or  adapters. 


Depending  on  the  applications,  a  singleTERA  cable  can 
replace  up  to  4  copper  channels.  With  copper  prices 
significantly  raising  the  cost  of  cable,  this  reduction  in 
total  cable  runs  can  provide  an  immediate  cost  benefit. 

Siemon's  in-depth  whitepaper  detailing  the  practice  of 
cable  sharing  is  available  online  at  www.siemon.com 
or  at  www.networkworld.com. 


S  I  E  M  O  I\f 


800-945-4200 

www.siemon.com 


E-MAIL  NEWSLETTER  SHOWCASE: 

Branch  office  best  practices 

PacketShapers 
address  small 
branches 

BY  ROBIN  GAREISS 

Numerous  vendors  are  addressing  branch-office  needs 
but  affordable,  yet  functional,  products  for  small  branch 
sites  still  are  in  short  supply 

Packeteer  last  week  introduced  new  PacketShapers,  the 
1400  Lite  and  1400,  that  are  designed  for  small  branches,  or 
those  that  don’t  have  a  large  number  of  applications  to 
manage  and  optimize. 

There  are  three  key  features  I  like  about  the  new  line: 
First.it  includes  compression, application  acceleration  and 
visibility  into  application  usage.  Second,  the  product  starts 
at  $1,500  for  visibility;  adding  controlled  compression  and 
acceleration  increases  costs  to  $3,500.Third,  it  comes  with 
a  software  key  upgrade  feature  that  lets  customers  increase 
features  without  having  to  buy  and  install  a  new  device. 

The  1400  Lite  handles  up  to  64  application  classes  and 
track  various  metrics  that  indicate  performance  problems 
—  basically,  a  good  product  for  retail  sites  or  perhaps  small 
satellite  corporate  offices.The  1400  handles  up  to  256  app 
classes,  and  provides  more  reporting  features,  so  it’s  more 
applicable  for  a  bank  branch,  for  example. WAN  bandwidth 
rates  for  either  are  up  to  2Mbps. 

With  a  software  key  customers  can  upgrade  the  1400  Lite 
to  the  1400.  With  its  previous  products,  customers  had  to 
replace  the  Packeteer  1200  with  the  1550  device.  Naturally, 
the  problem  with  a  hard  upgrade  is  the  operational  costs 
that  go  along  with  the  installation  and  setup. 

Packeteer  is  challenged  these  days  in  a  market  it  effec¬ 
tively  established  and  owned  for  a  few  years.  Now,  numer¬ 
ous  vendors  are  making  products  in  the  WAN  optimization 
and  application  acceleration  space,  including  Juniper 
(which  has  re-tooled  the  former  Peribit  and  Redline  prod¬ 
ucts), Expand  Networks, Cisco, and  Citrix  (which  now  owns 
Orbital  Data),  among  many  others. 

Packeteer  needs  to  keep  its  products  from  becoming 
stale  in  an  increasingly  crowded  field  of  branch-office 
players. 

We  definitely  will  see  continued  consolidation  in  the 
branch-office  product  market,  particularly  as  vendors 
combine  optimization  with  other  gear. Cisco  and  Nortel, for 
example,  are  adding  a  growing  list  of  features,  including 
optimization  and  wide-area  file  sharing,  into  their  all-in-one 
products  for  the  branch. 

For  organizations  that  simply  want  optimization  at  small 
branch  offices,  Packeteer’s  latest  product  provides  decent 
capabilities  at  an  affordable  price. 

But  those  who  want  optimization  wrapped  into  other 
capabilities  will  need  to  look  at  other  vendors,  such 
as  Cisco  or 
NetDevices. 

Gareiss  is  executive 
vice  president  and 
senior  founding  part¬ 
ner  for  Nemertes 
Research.  She  can  be 
reached  at  robin@ 
nemertes.com. 
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YOUR  NETWORK  APPLICATIONS 
ARE  ALWAYS  ON. 

NEVER  STUCK  IN  TRAFFIC. 
NEVER  SICK  FROM  BAD  SEAFOOD 
AND  NEVER  HAVE  "A  MOMENT. 
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OVERACHIEVE. 


F5  gives  you  access  to  your  network  applications 


anytime,  anywhere.  Plus,  they'll  run  65%  faster 


on  average  while  remaining  safe  and  secure. 

The  F5  mission  is  to  make  your  applications 
do  what  they  were  designed  to  do:  perform. 

More  than  10,000  organizations  around 
the  world  overachieve  with  F5.  Can  yours? 


THE  WORLD  RUNS  BETTER  WITH  F5 


WWW.F5.COM 
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Accelerate  Your  Network. 

Achieve  superior  results. 


■  Reliable  international  infrastructure 
and  capabilities 

■  Commitment  to  service  excellence 

■  Unmatched  access  to  Asia 


E-MAIL  NEWSLETTER  SHOWCASE:  Service  provider  news  report 

Emergency  services  to 

f[et  broadband  speeds  in 
rat-moving  vehicles 


BY  CAROLYN  DUFFY  MARSAN 

New  York  City  is  building  the  first  wire¬ 
less  network  capable  of  providing  true 
broadband  speeds  to  fast-moving  vehi¬ 
cles  such  as  police  cars  and  fire  trucks. 

New  York  City  officials  awarded  the 
five-year,  $500  million  wireless  project  to 
Northrop  Grumman  this  month  (see 
story  at  www.nwdocfinder.com/5323). 
The  network  will  be  available  in  all  five 
burroughs  of  New  York  City  in  18 
months. 

“No  other  city  in  the  world  is  doing 
what  New  York  City  is  doing,”  says  Paul 
Chelson,  program  director  of  New  York’s 
Citywide  Mobile  Wireless  Network 
Project  for  Northrop  Grumman.  “The 
ability  to  move  broadband  wireless 
mobile  data  to  anybody,  anywhere  in  the 
street,  even  while  moving  at  high  speed, 
is  something  that’s  revolutionary.” 


tern.  Cisco  will  provide  IP  switches  and 
routers. 

Northrop  Grumman  won  the  New  York 
City  project  after  successfully  demon¬ 
strating  a  prototype  system  in  Lower 
Manhattan,  which  is  a  difficult  location 
because  of  its  many  tall  buildings.  City 
officials  spent  three  months  evaluating 
the  Northrop  Grumman  and  Motorola 
prototypes  for  security,  reliability  and 
redundancy. 

“They  wanted  the  systems  to  support 
mobile  communications  at  up  to  70 
miles  an  hour,  and  very,  very  few  tech¬ 
nologies  support  that  kind  of  mobility” 
Chelson  says.  “They  wanted  very  high 
bandwidth  on  the  street.  They  wanted  it 
to  be  manageable,  and  they  wanted  it 
never  to  go  down.” 

Northrop  Grumman  officials  said  the 
New  York  City  wireless  project  is  being 


■  MPLS  worldwide  reach  with  coverage 
to  over  70  countries 

Contact  us  today  to  transform  your  network: 

networkworldfapccwglobal.com 


“The  ability  to  move  broadband  wireless  mobile 
data  to  anybody,  anywhere  is  something 
revolutionary.” 

Paul  Chelson,  program  director  of  New  York’s  City  wide  Mobile  Wireless  Network  Project  for 

Northrop  Grumman 


703.621.1600  www.pccwglobal.comi  NYSE:  PCW 


New  York  City’s  new  wireless  network 
will  provide  high-speed  data  and  video 
communications  to  police,  fire,  trans¬ 
portation  and  other  agencies  responsi¬ 
ble  for  emergency  response. 

The  network  will  use  IP  and  other 
Internet  standards  to  ensure  interoper¬ 
ability  with  New  York  State  and  federal 
agencies. 

The  losing  bidder  on  the  New  York  City 
wireless  network  was  Motorola. 

Northrop  Grumman’s  system  is  built 
around  radio  access  nodes  and 
modems  from  IPWireless.The  IPWireless 
gear  supports  the  3G/Universal  Mobile 
Telecommunications  System  standards 
popular  in  Europe  and  Asia. 

“IPWireless  is  deployed  in  many  parts 
of  the  world,  but  there  are  not  many 
installations  in  the  [United  States],” 
Chelson  says,  adding  that  the  company 
has  networks  deployed  in  New  Zealand, 
the  Czech  Republic  and  Japan. “In  South 
Africa,  the  whole  country  uses  an 
IPWireless  network.” 

Two  carriers  —  Sprint  Nextel  and 
Transvideo  Communications  —  will  pro¬ 
vide  the  spectrum  needed  for  the  sys- 


closely  watched  by  other  U.S.  cities. 

“New  York  will  turn  into  a  showcase  for 
every  other  major  city  to  follow  with 
great  detail,”  Chelson  says.“A  lot  of  cities 
will  be  wanting  to  follow  their  lead.” 

Chelson  says  the  challenge  with  the 
New  York  City  wireless  network  isn’t  with 
the  IPWireless  technology,  which  per¬ 
formed  well  during  its  tests  in  Lower 
Manhattan.  Instead,  he  says  the  trick  will 
be  scaling  the  network  across  the  entire 
city  in  the  required  timeframe. 

“It’s  the  usual  challenges  of  program 
management,”  Chelson  says. 

Northrop  Grumman  has  built  public 
safety  networks  for  other  government 
agencies  including  the  state  of  Ohio  and 
the  United  Kingdom.  ■ 
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Each  week  Network  World  delivers  an 
extensive  line-up  of  product,  service  and 
industry  news,  analysis,  case  studies,  buyer 
guides,  expert  opinion  and  management 
advice  that  Network  IT  Executives  rely  on 
to  get  their  job  done. 

Your  FREE  subscription 
will  include ... 

•  New  product  information  and  reviews  that  break 
through  vendor  hype  and  put  you  in  control  of  your 
technology  purchases 

•  Implementation  strategies  and  security  tips  and  tricks 
that  you  can  use  to  improve  your  infrastructure  and 

boost  your  company's  competitive  standing 

I 

•  Tried-and-true  management  strategies  to  help  you 
boost  your  network  career 

\ 

•  An  insider's  view  on  how  your  competitors  are  using 
new  technology  to  their  business  advantage 

Plus  our  Special  Signature  Series 
Issues — Each  Signature  Series  issue  provides  insights, 
opinions  and  information  on  an  important  aspect  of  the 
industry  to  give  you  the  clearest  picture  of  the  current 
trends  and  trendsetters  in  the  Network  IT  market. 


To  subscribe  visit: 

apply,  nww.com/free05 
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Networked  multifunction  products 
score  big  by  consolidating  print,  scan, 
copy,  and  fax  funct  ionality 

BY  ROSEANN  MCGRATH  BROOKS 

\  JfiKf 


HEN  ITS  PRINTERS  REACHED  THE  END  OF  THEIR 
life  cycle,  a  health  clinic  organization  in  the  Midwest 
United  States  took  the  opportunity  to  examine  its  over¬ 
all  workflow  processes  to  determine  how  it  could  save 
money.  The  prescription?  Networked  multifunction  products  (MFPs), 
peripherals  that  combine  the  capabilities  of  printing,  copying,  scanning, 
and  faxing  into  one  machine. 

By  consolidating  document  management  functions,  the  health  clinic 
organization  reduced  its  number  of  printers  from  io  to  two  per  office. 
And  by  using  the  scanning  functionality  of  the  new  devices,  the  organi¬ 
zation  reduced  printer  output  by  80  percent  in  nine  months. 

"Cost  savings  are  the  most  obvious  benefits  of  MFPs,”  explains  Peter 


Grant,  managing  vice  president  with  Gartner  Inc.  in  Stamford,  Conn., 
which  consulted  with  the  health  clinic  on  its  print  and  workflow  strategy. 
“Not  only  do  you  spend  less  by  moving  page  volumes  through  one 
device,  but  you  also  save  on  supplies,  such  as  ink  and  paper,  and  you 
rationalize  your  suppliers.” 

Peter  FHendrick,  vice  president  of  marketing  at  Kyocera  Mita  America 
in  Fairfield,  N.J.,  agrees.  “Investing  in  an  MFP  rather  than  four  separate 
devices  for  printing,  scanning,  copying,  and  faxing  not  only  saves 
money  and  valuable  office  space,  but  [also]  eases  the  burden  on  a  com¬ 
pany’s  MIS  department,”  he  says.  “An  MFP’s  compact  design  can  meet 
the  growing  needs  of  today’s  office  environment  while  offering  speed, 
reliability,  and  versatility  at  a  low  total  cost  of  ownership  [TCO].” 
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Streamlined  Business  Processes 


iTag  from  Kyocera  offers 
scalable 
management 


How  can  scanning  be  used  to  further 

increase  both  workplace  efficiency  and 
the  bottom  line?  By  utilizing  the  scan 
functionality  of  most  multifunctional  products 
(MFPs)  in  conjunction  with  an  effective,  reli¬ 
able,  and  cost-effective  document  manage¬ 
ment  solution,  companies  can  significantly 
streamline  their  business  processes  and  cut 
down  on  expenses. 

Prior  to  the  introduction  of  scanning,  office 
workers  spent  an  exorbitant  amount  of  time 
and  money  managing  paper,  then  sharing 
these  paper  documents  around  the  world  by 
faxing  long  distance  or  via  courier  services. 
Thanks  to  the  convenience  of  scanning  directly 
from  a  multifunctional  product,  users  can  easi¬ 
ly  scan  important  documents  to  a  variety  of 
virtual  locations  including  a  PC,  email,  FTP 
site,  and  network  folder  or  a  comprehensive 
document  management  system. 
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/I  Kyocera’s  iTag  is  a 

f  L4  vl  scalable  yet  easy-to-use 
Don't  file  it,  Tag  it  comprehensive  document 

management  solution  ideal  for  smaller  busi¬ 
nesses  and  departments.  It  allows  users  to 
capture  hardcopy  documents  directly  from  the 
MFP  and  index,  store,  retrieve,  and  share  them 
electronically  quickly  and  efficiently. 

iTag  integrates  with  select  Kyocera  MFPs  and 
ships  with  the  iTag  Validation  Station,  a  Dell™ 
server  preloaded  with  iTag  software,  Microsoft 
Windows®  SharePoint  Services  document 
repository,  and  one  MFP  device  connection  for 
out-of-the-box  functionality  and  quick  imple¬ 
mentation.  Administrators  can  manage  docu¬ 
ment  security  while  users  have  the  flexibility 
and  customization  they  need  to  get  their  work 
done  efficiently  and  productively. 

“IDC  believes  companies  that  integrate 
scanning  as  a  tool  for  document  management 


Equipped  with  a  Dell™  Server,  iTag  Validation  Station 
and  Microsoft  Windows®  SharePoint  Services,  iTag 
makes  it  simple  to  capture,  store,  retrieve,  and  share 
electronic  documents. 

and  distribution  can  gain  a  number  of  bene¬ 
fits,  including  easier  access  to  information, 
greater  worker  productivity,  less  of  a  need  for 
paper  document  storage  or  faxing,  as  well  as 
many  other  advantages,”  says  Keith  Kmetz, 
program  director,  hardcopy  peripherals  solu¬ 
tions  and  services,  IDC. 

For  more  information  on  iTag  and  Kyocera’s 
document  management  solutions,  visit 
www.kyoceramita.com. 
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Common  network  driver. 


"#1  Copier/Multifunction  Product  in  Overall 
Customer  Satisfaction  Among  Business  Users" 

-According  to  J.D.  Power  and  Associates 


Uncommon  simplicity. 


For  IT  Professionals:  Reliable,  High  Performing  Printers  and  MFPs 

Kyocera's  complete  line  of  MFPs  and  printers  utilize  a  common  driver  and  a  common  user  interface. 
This  makes  life  simpler  and  more  efficient  for  IT  professionals  and  more  productive  for  users.  We  call 
it  Network  Reliability,  and  that's  one  of  the  ways  we  help  business  meet  strategic  goals  and  produce 
cost-effective  document  solutions.  Kyocera  is  your  answer  for  image  management,  network  diagnostic 
utilities  and  a  complete  suite  of  document  security  solutions. 

That's  the  power  of  People  Friendly.  Learn  more:  www.kyoceramita.com 

The  New  Value  Frontier 
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KNOW  WHAT’S  WHAT 

To  realize  that  low  TCO,  however,  you  need  to  first  audit  your  current 
document  workflow  behavior  and  examine  what  you  want  your  output  to 
look  like  in  the  future.  “With  the  aid  of  a  document  management  expert, 
companies  need  to  examine  inefficient  document  processes  and  deter¬ 
mine  the  best  way  to  make  them  as  cost-effective  as  possible,”  says  Keith 
Kmetz,  program  director  at  I  DC  in  Framingham,  Mass. 

You  can  then  use  that  knowledge  to  determine  what  MFP  capabilities 
you  want.  Do  you  need  better  scanning  capabilities  to  improve  workflow? 
Is  speed  more  important?  Printer  fleet  management?  Maintenance? 
Leasing?  Color  printing?  Restrictions  on  color  printing?  Whereas  procure¬ 
ment  in  the  past  may  have  looked  simply  at  lowest  cost,  today’s  procure¬ 
ment  best  practices  examine  how  MFP  buys  align  document  management 
processes  with  business  goals,  such  as  improving  worker  productivity. 

MFP  software  lets  end  users  queue  jobs  as  they  come  in  or  choose 
which  task  they  want  printed  first,  which  enables  workers  to  do  their  jobs 
more  efficiently.  “And  you  can  multitask,”  says  Mike  Marusic,  vice  presi¬ 
dent  of  Sharp’s  Document  Solutions  Company  of  America  in  Mahwah, 
N.J.  “An  MFP  lets  you  both  scan  and  print  one  document  at  the  same 
time,  speeding  workflow.” 

Plus,  having  one  device  means  training  on  only  one  system. 

Reducing  output  is  another  common  business  goal,  which  is  why  scan¬ 
ning  functionality  is  becoming  more  important.  Users  can  scan  docu¬ 


ments  to  their  desktop  e-mail  programs  or  to  a  folder  for  document  shar¬ 
ing,  which  not  only  reduces  paper  but  also  increases  security. 

DOCUMENT  MANAGEMENT  AND  MORE 

Security  often  comes  under  the  “and  more”  category  of  MFP  capabilities. 

“An  MFP  is  a  print  server  on  your  network,”  explains  Sharp’s  Marusic. 
“Not  only  can  external  attackers  hack  into  your  network  through  your 
MFP,  but  also  internal  users  can  redirect  a  print  job  from  one  MFP  to 
another.” 

Ensure  that  you  purchase  the  MFP  security  functionality  you  need, 
such  as  authentication  and  encryption.  In  addition,  if  your  organization 
must  comply  with  regulations  such  as  the  Health  Insurance  Portability 
and  Accountability  Act  (HIPAA),  choose  an  MFP  that  lets  you  produce 
documents  facedown. 

MFPs  will  not  completely  replace  single-use  devices  any  time  soon,  say 
experts,  but  they  can  certainly  help  with  printer  creep. 

“It  is  no  longer  cost-effective  to  have  a  different  device  for  each  neces¬ 
sary  [document  management]  function,”  says  Hendrick  of  Kyocera  Mita 
America.  “With  an  MFP,  users  have  one  powerful  tool  for  all  of  their  day- 
to-day  activities.” 

Rosea nn  McGrath  Brooks  is  a  freelance  writer  based  in  West  Chester,  Pa., 
specializing  in  business  and  technology. 
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Sharp  OSA  ushers  in  a  brave  new  world  of  personalization  and  integration 


Sharp  Open  Systems  Architecture 


A  college  had  deployed  multifunction 
peripherals  (MFPs)  throughout  the 
campus.  However,  most  of  these  loca¬ 
tions  did  not  have  convenient  access  to  the  IT 
support  staff  for  questions  and  issues.  So 
when  users  had  questions,  they  simply  walked 
away  from  the  machines,  artificially  inflating 
downtime.  But  because  the  machines  were 
made  by  Sharp  and  support  Sharp’s  Open 
Systems  Architecture  (Sharp  OSA),  a  local 
dealer  was  able  to  quickly  personalize  each 
machine  with  a  convenient  one-touch  button 
allowing  users  to  immediately  notify  the  sup¬ 
port  team,  which  helped  with  resolving  prob¬ 
lems  quickly. 

Sharp  OSA  represents  a  unique,  value-laden 
opportunity  for  users  seeking  to  personalize 
and  integrate  the  operations  of  their  MFPs. 


Utilizing  Web  services  and  SOAP  technology — 
the  de  facto  standards  for  application-to-appli- 
cation  communications — Sharp  OSA  lets  net¬ 
work  applications  control  the  MFP  through 
bidirectional  communication.  This  means 
users  can  interact  directly  with  their  business 
applications  right  from  the  LCD  panel  on  the 
Sharp  MFP.  There  is  no  running  back  to  a 
desktop  PC  to  complete  a  task,  saving  time 
and  increasing  productivity. 

The  Sharp  OSA  tool  kit  is  available  to  deal¬ 
ers  and  to  independent  software  vendors  who 
work  directly  with  end  users  to  create  cus¬ 
tomized  MFP  solutions.  More  importantly,  the 


tool  kit  is  also  available  to  IT  departments 
should  they  opt  for  in-house  development. 
The  bottom  line  for  users  is  that  Sharp  OSA 
gives  them  control  of  their  workflow;  speedy 
ROI  with  tighter  integration  between  IT  assets 
and  hardware;  convenience  of  centralized 
applications  with  minimal  installation  on 
multiple  MFPs;  and  streamlined  development 
enabled  by  industry-standard  application 
communications. 

Recently  released  Sharp  OSA  has  already 
been  independently  recognized  for  excellence, 
receiving  the  vaunted  2006  BERTL  Best 
Innovation  Award  for  Customized  User 
Control  System  on  MFP  Web  Server.  Similarly, 
Sharp  MFPs  continued  to  be  recognized  as 
best  in  class,  winning  several  BERTL’s  Best  of 
2006  and  BLI’s  Pick  of  the  Year  Awards. 


S-2 


I 


©2006  Sharp  Corporate 


Keep  the  CEO's  dream  of  growth  from 
becoming  the  CIO's  integration  nightmare 


INTRODUCING  THE  SHARP  MX-SERIES.  Sharp's  Open  Systems  Architecture  delivers  the 
first  truly  customizable  multifunction  product.  With  its  seamless  integration,  Sharp  OSA  offers  a  broad 
array  of  value-added  functionality.  It  also  gives  you  unparalleled  control,  right  at  the  LCD  screen.  All  of 
which  makes  the  MX-Series  a  powerful  resource  that  grows  with  your  business.  It's  no  wonder  Sharp 
won  the  BLI  award  for  "IT  Friendliness"  and  the  BERTL  5-Star  Exceptional  rating  for  product  usability. 
To  learn  more,  visit  sharpusa.com/documents 


ENERGY  STAR 


As  an  ENERGY  STAR* 
Partner.  Sharp  has 
determined  that  this 
product  meets  the 
ENERGY  STAR’  guidelines 
lor  energy  efficiency. 


MX-SERIES 


Wireless- 

The  Speed  of  Life 


Internet.  Voice.  Entertainment  -  All  at  Once.  Anywhere. 


WRT300  Wireless-N  Broadband  Router 


Life  moves  fast.  You  have  to  multitask  every  day.  Now 
there's  a  wireless  network  that  can  keep  up  with  the 
speed  of  life.  A  Wireless-N  network  from  Linksys  lets  you 
surf  the  web,  enjoy  high  definition  video,  listen  to  digital 
music,  and  make  Internet  phone  calls  -  all  at  the  same 
time  anywhere  throughout  the  home  or  office. 

•  Up  to  4X  the  range  for  whole-home  coverage  that  virtually 
eliminates  dead  spots. 

•  Up  to  1 2X  the  speed  of  the  older  Wireiess-G  standard. 

•  Compatible  with  existing  Wireless-G  and  -B  products. 

•  Easy  to  install  and  easy  to  use.  Set  it  and  forget  it. 


Linksys.  Nobody  makes  networking  easier! 

For  more  information  on  the  new  Linksys 
Wireless-N  products,  visit  www.Linksys.com, 
or  call  1-800-737-7201. 


cow}  Insight 


Linksys  Is  a  registered  trademark  or  trademark  of  Cisco  Systems,  Inc.  and/or  Its  affiliates  in  the  U.S.  and  certain  other  countries. 
Wireless-N  The  Speed  of  Life  Logo  Is  a  trademark  of  Linksys.  Copyright  ©  2006  Cisco  Systems,  Inc.  All  rights  reserved. 
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Open  source  unlocks  options  for  SMBs 

BY  JENNIFER  MEARS 


NET.WORKER 


PRODUCTS,  SERVICES  AND  STRATEGIES  FOR 
TYING  TELEWORKERS  TO  THE  ENTERPRISE 


WHEN  TONY  LOSEY  CAME  TO  THE  3SIXTY  GROUP  IN  2003  HE  SAW 
that,  like  many  small  companies,  the  manufacturing  firm  didn’t  have 
much  in  the  way  of  advanced  systems.  It  was  running  an  old  ERP  sys¬ 
tem  on  machines  that  dated  back  to  1992;  there  was  no  company 
intranet;  and  executives  had  pushed  the  company’s  Web  site,  a  key 
business  driver,  to  an  outside  hosting  provider. 
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The  organization  didn’t  have  a  lot  of 
money  to  throw  at  IT.  But  Losey  who  took 
over  as  head  of  the  one-person  IT  depart¬ 
ment,  zeroed  in  on  open  source  as  the  key 
to  keeping  the  company  competitive  as  it 
grew  quickly  through  acquisition.  It’s  a 
direction  that  an  increasing  number  of 
small  and  midsize  businesses  (SMB)  are 
taking  as  Linux  and  open  source  become 
battle-tested  and  are  finding  mainstream 
acceptance  among  larger  corporations. 

While  bigger  companies  look  at  open 
source  for  cost  savings  and  flexibility, 
smaller  businesses  are  viewing  open 
source  as  an  opportunity  to  bring  in 
advanced  technologies  that  in  the  past 
were  available  only  through  expensive,  pro¬ 
prietary  packages,  analysts  say 

“Open  source  really  is  becoming  an  entry 
into  things  [SMBs]  couldn’t  do  before,” says 
Bob  Igou,a  research  director  at  Gartner. 

The  3Sixty  Group,  for  example,  has  a  com¬ 
pany  intranet  —  thanks  to  the  Plone  open 
source  content  management  system  — 
and  uses  open  source  CRM  software  from 
SugarCRM.  In  addition,  the  company’s  ERP 
system  now  is  running  on  Red  Hat’s  free 
Fedora  Linux,  and  Losey  wrapped  up  a 
project  to  move  from  Windows  to  the  open 
source  Samba  file  and  print  server  and  an 
open  source  directory  server  about  two 
months  ago. 

“Open  source  allows  us  to  bring  in  func¬ 
tionality  that  before  we  couldn’t  afford  or 
didn’t  have  time  to  pay  attention  to,”  says 
Losey,  who  now  has  an  IT  staff  of  three. 

Sam  Lamonica,CIO  at  Rudolph  &  Sletten 
in  Redwood  City,  Calif.,  agrees  that  open 
source  software  can  give  SMBs  a  leg  up 
without  breaking  the  bank.  When  the  con¬ 
tracting  firm  needed  a  good  network  mon¬ 
itoring  tool  but  didn’t  want  to  pay  for  all 
the  bells  and  whistles  that  came  with  pro¬ 


prietary  packages  from  companies  such 
as  CA  and  HRit  looked  to  the  open  source 
community 

Lamonica  deployed  an  open  source 
monitoring  system  from  Groundwork  and 
says  that  moving  forward  he’ll  weigh  open 
source  options  along  with  commercial  soft¬ 
ware  packages  in  any  buying  decision. 

“We’re  past  the  point  in  time  where  we 
have  to  say ‘Well,  I  won’t  get  fired  if  I  buy 
Cisco,’  or  ‘I  won’t  get  fired  if  I  buy 
Microsoft.’  I  think  that  fear  has  gone  away 
and  open  source  has  matured  a  great  deal 
so  that  now  people  are  no  longer  afraid  of 
it,”  he  says. 

In  the  past,  smaller  organizations  often 
have  been  reluctant  to  bring  in  open 
source  because  of  a  lack  of  in-house  skills. 
While  SMBs  still  may  not  have  deep  open 
source  expertise,  that  barrier  to  adoption  is 
diminishing  as  a  growing  number  of  firms 
emerge  to  provide  third-party  support  for 
open  source  projects. 

In  addition,  companies  such  as  Spike- 
Source  and  OpenLogic  are  developing 
prepackaged  stacks  of  software  that  may 
also  include  proprietary  components,  mak¬ 
ing  it  easier  for  companies  to  integrate 
open  source  into  existing  infrastructures. 

“There  is  definitely  more  interest  among 
SMBs  in  Linux  and  other  open  source 
solutions,”  says  Michael  Dortch,  principal 
business  analyst  and  IT  infrastructure 
management  practice  leader  at  the  Robert 
Frances  Group.  “These  [applications]  have 
always  offered  cost  savings  over  traditional 
proprietary  solutions,  and  are  now  also 
gaining  sufficient  ease  of  use,  integration 
and  support  to  make  them  more  viable 
options  for  SMBs.” 

IBM,  for  example,  has  rolled  out  open 
source-based  community  editions  of  its 
WebSphere  middleware,  designed  specifi¬ 


Opening  up  to  open  source 

SMBs  are  looking  at  Linux  and  open 
source  as  a  means  to  bring  in 
technology  that  in  the  past  was  out 
of  reach  in  expensive,  proprietary 
packages.  Some  things  to  think 
about  when  moving  to  open  source: 

•  Leverage  experts.  Don't  let  a  lack  of  in-house 
expertise  stop  an  open  source  deployment. 
Investigate  the  growing  number  of  third-party 
companies  providing  open  source  support. 

•  Put  in  policies.  View  open  source  as  you  would 
any  commercial  application  and  have  processes 
in  place  for  procuring  the  software  and  managing 
it.  This  is  especially  important  for  open  source, 
because  licensing  issues  can  get  sticky. 

•  Call  on  the  community.  Stay  close  to  the  open 
source  community  for  advice  and  road  maps 
regarding  the  free  software,  and  make  it  a  point 
to  contribute  to  the  development  of  the  software, 

•  Look  for  lessons  learned.  Talk  to  peers  to  gain 
insight  from  their  experiences. 

•  Fiddle  with  the  free  stuff.  Download  free  versions 
to  determine  if  the  software  is  a  fit. 


cally  for  SMBs.  At  LinuxWorld  in  August, 
Collax  introduced  its  open  source  business 
server  to  the  U.S.  market.  The  product  is 
designed  to  give  SMBs  an  alternative  to  the 
Microsoft  Small  Business  Server  by  offering 
a  suite  of  open  source  applications  for 
security,  networking  and  communication. 

Collax’s  business  server  can  be  used  by 
organizations  that  don’t  have  Linux  or  open 
source  expertise  on  staff,  the  company  says. 
Handlmaier,  a  50-person  company  that 
makes  mustard  in  Regensburg,  Germany  for 
instance,  made  its  first  foray  into  open 
source  this  year  thanks  to  Collax. 

Handlmaier  “liked  the  idea  that  Collax 
was  prequalifying  and  configuring  the 
[package  of  applications]  so  that  they  did 
not  have  to  hire  a  Linux  programmer  to  do 
the  work,”  says  Norbert  Auburger,  a  manag¬ 
ing  director  at  the  integrator  that  deployed 
the  Collax  Business  Server  at  Handlmaier. 
“This  meant  time  and  money  saved.” 

By  using  the  Collax  Business  Server, 
Handlmaier  has  cut  its  IT  administrative 
costs  in  half,  Auburger  says. 

It’s  that  kind  of  cost  savings  —  and  a  need 
for  a  more  open,  flexible  platform  —  that 


prompted  Palm  Beach  Community  College 
(PBCC)  to  shift  its  Software  AG  ERP  pack¬ 
age  from  z/OS  to  SUSE  Linux  on  the  main¬ 
frame,  a  project  it  completed  in  May 

“We’re  not  a  huge  institution  and  we  were 
running  z/OS  with  the  big  boys,  and  we 
were  paying  for  it,”  says  Tony  Parziale.CIO  at 
the  school  in  Lake  Worth,  Fla. 

By  shifting  to  Linux,  PBCC  was  able  to 
gain  more  capacity  without  facing  skyrock¬ 
eting  licensing  fees  for  the  z/OS  operating 
system,  he  says. 

“It  was  cost  and  it  was  open  architecture, 
as  well.  We  wanted  to  be  on  an  open  plat¬ 
form  and  we  felt  it  would  give  us  more  flex¬ 
ibility  in  the  future  to  go  where  we  want  to 
go,”  Parziale  says. 

Parziale  says  the  college  is  saving  about 
$30,000  a  month  by  moving  to  Linux  and  is 
looking  to  expand  its  use  of  open  source. 
“It’s  just  kind  of  hard  to  break  the  Wintel  en¬ 
vironment,”  he  says. 

That  cultural  opposition  is  lessening,  how¬ 
ever,  as  examples  of  the  benefits  of  open 
source  increase  in  number,  Parziale  says. 

“There  is  definitely  great  acceptance  of 
open  source  applications. . . .  It’s  now  moved 
to  where  you  can  pick  up  any  of  the  major 
publications  and  read  about  Linux  and 
larger  organizations  starting  to  use  it,”  he 
says. “That  eliminates  a  lot  of  the  concerns 
that  senior  management  has  when  they 
think  you’re  moving  down  this  untried, 
untested  path.” 

Backcountry.com,  an  online  outdoor 
sporting  goods  retailer,  moved  into  open 
source  in  2001  when  it  was  launched. 

“There  was  no  way  they  were  going  to 
drop  $50,000  on  an  Oracle  license,”  says 
Dave  Jenkins,  the  Red  Hat  consultant  who 
helped  Backcountry.com  deploy  a  Linux- 
based  e-commerce  system  and  later  be¬ 
came  the  company’s  CTO. 

The  Park  City  Utah,  firm  has  more  than  200 
employees  and  continues  to  look  to  open 
source  in  all  areas  of  the  business,  includ¬ 
ing  the  desktop,  where  today  about  two- 
thirds  of  PCs  are  running  Linux. 

“It’s  coming  down  to  a  classic  case  of 
small  business  saying, ‘Oh  boy,  we  don’t  real¬ 
ly  want  to  pay  for  all  that  [in  proprietary  soft¬ 
ware]  ’  and  there  are  enough  engineers  and 
system  administrators  that  have  experience 
with  Linux  to  say‘Well,you  know  what,  there 
are  open  source  alternatives,”’ he  says.  H 
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THERE  IS  AN  ALTERNATIVE 


Your  global  IP  carrier  should  set  you  free,  not  hold 


you  down.  It  should  be  nimble  and  flexible  enough 


to  deliver  innovative  IP  solutions  and  superior 
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scope  and  scale  your  business  requires.  Enter 


Global  Crossing.  Our  wholly-owned  global  IP 


network  connects  you  virtually  anywhere  instantly. 


It  works  effortlessly  with  your  current  legacy  system 


and  with  IP  services  yet  to  be  envisioned.  All  with 


the  security,  support  and  control  you'd  expect  from 


an  industry  leader.  It's  no  wonder  so  many 


FORTUNE  500®  companies  depend  on  us.  Learn 


more  at  www.globalcrossing.com 
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Global  Crossing 
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One  planet.  One  networkrinfinite  possibilities. 
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ADVERTISEMENT 


Do  you  know 

what's  hiding 

in  your 

encrypted  SSL  traffic? 

Content  filters  cannot  scan  SSL  traffic  ~  viruses  and 
malware  could  be  hiding  inside. 

Closing  the  last  major  known  network  hole:  the  SSL  blind  spot 

Ever  since  computers  arrived  on  our  landscape,  organizations 
have  been  seeking  to  secure  their  networks.  The  SSL  protocol 
provides  encryption  to  maintain  the  integrity  of  transmissions  and 
establish  a  reliable,  secure  pipeline  between  two  endpoints.  But  as 
everyone  knows,  risks  come  with  the  best  of  technologies. 

Supporting  remote  employees,  partner  extranets,  CRM  solutions, 
and  more,  SSL  tunnels  contributes  from  1 0%  to  as  high  as  50%  of 
network  traffic — too  much  for  enterprises  to  ignore.  But  organiza¬ 
tions  may  not  realize  the  risky  holes  these  tunnels  have  opened  in 
their  networks. 

The  Irony — Encryption  itself  is  both  a  protection  and  a  problem 

Network  administrators  responsibly  deploy  firewalls,  URL  filtering, 
anti-virus,  and  anti-spyware  solutions  as  part  of  their  security  strat¬ 
egy  for  HTTP  traffic.  But  these  tools  cannot  readily  be  applied  to 
encrypted  traffic.  It's  ironic  that  the  very  encryption  that  is  meant 
to  protect  HTTPS  traffic  can  also  function  as  a  cloak  that  lets 
dangerous  content  into  your  network.  Viruses  and  maiware  can 
"slip  through"  encrypted  content  quite  readily  with  no  filters  to 
block  its  path. 

Additional  risks  surround  certificates  that  may  be  untrustworthy. 
When  employees  are  prompted  to  accept  an  unknown  certificate, 
they  assume  it's  OK  and  say  yes.  However,  the  organization  is 
then  exposed  to  a  potential  security  risk. 

Three  "bad"  options  for  addressing  the  SSL  blind  spot: 

1 .  Block  SSL  traffic:  This  is  impractical  since  more  and  more 
business  applications  rely  on  SSL. 

2.  Block  unknown,  non-business  SSL  URLs  using  a  filtering  data¬ 
base:  With  new  URLs  every  day,  this  puts  a  strain  on  the  IT  depart¬ 
ment  to  keep  up  with  the  list  of  "allowed  sites"  as  business 
evolves.  This  solution  also  does  not  address  the  need  to  filter  the 
content  for  malware. 

3.  Ignore  the  issue  and  live  with  the  risks:  Dangerous  and  not 
recommended. 


You  need  a  solution  that  eliminates  your  SSL  blind  spot 

Deploying  the  right  SSL  Security  Solution  enables  you  to  decrypt 
and  filter  this  content  to  ensure  it's  safe.  Safe  HTTPS  traffic  includes: 

1 .  Temporary  decryption  at  the  gateway 

2.  Gateway  anti-virus  /anti-spyware  scanning 

3.  Outbound  Content  Control 

4.  Media  type  and  content  filtering 

5.  Certificate  management 

6.  Flexible  policy  enforcement 

Webwasher  SSL  Scanner  and  SCM  Suite  achieves  this  goal 

The  Webwasher®  Secure  Content  Management  (SCM)  Suite  from 
Secure  Computing®  includes  the  Webwasher  SSL  Scanner  which 
enables  enterprises  to  apply  their  existing  Internet  security  policies 
to  ail  key  Web  protocols:  HTTP,  FTP,  and  HTTPS. 

It  effectively  terminates  (decrypts)  SSL  Traffic  at  the  gateway, 
applies  multiple  anti-virus  and  content  scanners,  and  then  re¬ 
encrypts  the  content  and  directs  it  to  the  intended  recipient. 
Unique  in  the  industry,  Webwasher  pioneered  this  technology  in 
2003,  and  our  second  generation  of  SSL  Scanner  includes  client 
certificate  and  cluster  support. 

Webwasher's  fuliy  integrated  and  interoperable  architecture  delivers 
in-depth  security  and  cost/time  savings.  Webwasher  is  available  as 
a  high-performance  appliance  or  as  a  software  solution  for  Linux, 
Solaris,  and  Windows  platforms. 


To  learn  how  to  keep  your  networks  protected  and  secure,  read  our  white  paper 

Eliminate  your  SSL  Blind  Spot:  The  solution  to  managing — and  securing — HTTPS  traffic  at: 

http://www.securecomputing.com/goto/sslblindspot_ad 


Messaging  Gateway  Security  Web  Gateway  Security  Network  Gateway  Security 

-  CipherTrust  IronMair  -Webwasher®  -  Sidewinder  G2® 

-  CipherTrust  Edge  "  -  SmartFiler®  -  CyberGuard@TSP 

-  CipherTrust  IronlM’"  -  SnapGear™ 

-  CipherTrust  IronNet™ 

-  CipherTrust  Radar’" 


Identity  &  Access  Management 

-  SafeWord® 

-  SafeWord®  SecureWire® 

www.securecomputing.com 

©2006  Secure  Computing  Corporation.  All  rights  reserved. 
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IBHNOUfiY  UPDATE 

B  AN  INSIDE  LOOK  AT  TECHNOLOGIES  AND  STANDARDS 


OATH  aims  for  open  authentication 


HOW  R  WORKS:  THE  INITIATIVE  FOR  OPEN  AUTHENTICATION 
ARCHITECTURE 

OATH's  HOTP  algorithm  for  one-time  passwords  is  one  of  the  components 
of  the  organization’s  reference  architecture. 
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□  The  customer  uses  the  token  to  generate  a  credential  such  as  one-time  password  (OTP),  and  provides 

it  to  the  client  application.  _ _ _ 

B  The  client  application  sends  the  credential  (such  as  OTP)  to  the  application  in  order  to  authenticate 
access  to  a  requested  resource. 

0  The  application  will  send  the  credential  to  the  validation  system,  which  uses  the  associated  key  in 
the  token  store  to  verify  the  OTP  value  and  return  a  yes  or  no  to  the  application. 

□  Based  on  the  response  from  the  validation  system,  the  application  will  grant/deny  access  to  requested 
resources. 


BY  GARRET  GRAJEK  AND  JAY  HOFFMEIER 

Businesses  have  to  facilitate  sharing  of 
data  over  the  network,  while  preventing 
theft  or  unauthorized  access  of  that  data  in 
an  increasingly  hostile  environment. 
Organizations  must  be  able  to  establish  the 
identity  of  the  remote  entity  with  a  high 
degree  of  certainty  The  Initiative  for  Open 
Authentication  (OATH)  is  developing  tech¬ 
nology  to  enable  strong  authentication  of 
all  users  on  all  devices,  across  all  networks, 
such  as  its  algorithm  for  one-time  pass¬ 
words. 

OATH  includes  more  than  90  companies, 
including  leading  device,  platform  and 
application  companies.  Participants  work 
collectively  to  facilitate  standards  work  and 
build  a  reference  architecture  for  open 
authentication. 

The  OATH  reference  architecture  docu¬ 
ment  covers  client  framework,  validation 
framework,  client  provisioning  and  a  com¬ 
mon  data  model. 

One  of  the  group’s  first  achievements 
was  the  development  of  an  open, royalty- 
free  algorithm  for  one-time  passwords. 
HOTP  OATH  has  promoted  the  HOTP 
algorithm  for  one-time  password  (OTP) 
credentials.  It  uses  available  building 
blocks  such  as  Hashed  Message 
Authentication  Codekey  and  Secure 
Hash  Algorithm-1  and  generates  a  series 
of  OTPs  based  on  a  secret  key  shared 
between  the  client  and  server.  One  of  the 
goals  for  this  algorithm  was  embedding 
into  existing  devices  such  as  USB  flash 
drives  and  mobile  phones,  and  hence 
this  is  an  event-based  algorithm. 

OATH  reference  architecture  acknowl¬ 


edges  that  one  size  does  not  fit  all,  and  sup¬ 
ports  additional  authentication  methods 
(such  as  challenge-response,  time-based 
OTPcertificates)  which  may  or  may  not  be 
OATH-defined.  Developers  can  pick  and 
choose  the  OATH  pieces  they  want  to 
implement. 


To  generate  an  OTP  value,  the  remote 
entity  needs  a  client  that  implements 
OATH  HOTP  One  can  implement  an  OTP 
client  leveraging  the  source  code  that  is 
provided  in  RFC  4226.  Alternatively,  there 
are  existing  devices  available  from  several 
OATH  vendors  in  various  form-factors  — 


stand-alone  OTP  tokens,  smart  cards,  USB 
flash  drives,  SIM  cards  and  mobile 
phones. 

To  authenticate,  the  networked  entity 
needs  to  send  the  OTP  to  the  application  in 
addition  to  a  username  and  password. This 
enables  two-factor  authentication  (what 
you  know  —  password,  and  what  you  have 
—  HOTP  client).  Because  this  OTP  is  typi¬ 
cally  a  six  digit  value,  it  can  be  sent  to  the 
application  using  existing  methods  and 
protocols. 

Lastly  the  application  needs  to  verify  the 
username  and  password  sent  by  the 
remote  entity  against  a  user  store  (typically 
a  Lightweight  Directory  Access  Protocol 
directory)  and  validate  the  OTP  value.  The 
OATH  reference  architecture  espouses  the 
use  of  RADIUS  that  is  a  widely  implement¬ 
ed  protocol  in  network  systems  for  validat¬ 
ing  the  OTP 

Once  the  application  has  ascertained  the 
identity  of  the  user  with  a  high  degree  of 
certainty  (using  two  factors),  the  applica¬ 
tion  can  provide  the  remote  entity  access 
to  the  requested  resource  while  efficiently 
managing  the  risk  of  unauthorized  access 
to  or  theft  of  data. 

An  OTP-based  approach  requires  that  the 
user  generate  and  use  a  different  OTP  each 
time.This  makes  it  impossible  for  passwords 
to  be  sniffed  and  stolen  and  then  re-used  at 
a  later  time. 

Hoffmeier  is  technical  director  for  SPYRUS 
and  Grajek  is  president  of  Multi-Factor 
Authentication.  They  can  be  reached  at 
jhoffmeier@spyrus.com  and  ggrajek@multi- 
fa.  com,  respectively. 


Ask  Dr.  Internet  By  Steve  Blass 


Do  you  know  why  using  a  cell  phone  in  a  hospital 
unit  could  be  a  problem,  when  that  same  hospi¬ 
tal  provides  wireless  network  service  for  visi¬ 
tors  and  patient  rooms  in  the  same  areas? 

I've  been  told  it's  because  the  hospital  can  define  and 
control  the  wireless  network  equipment  and  the  frequen¬ 
cies  that  the  wireless  network  uses  with  enough  certain¬ 
ty  to  ensure  that  there  won't  be  interference  with  the 
patient  monitoring  equipment,  but  that  the  uncertainty 
associated  with  the  way  multiple  cellular  telephone  ser¬ 


vices  operate  and  the  variety  of  handsets  makes  it  more 
difficult  to  ensure  that  there  won’t  be  any  interference. 

The  second  part  of  the  answer  is  that  if  the  hospital- 
provided  wireless  network  causes  trouble,  then  the  hos¬ 
pital  can  turn  it  off  to  eliminate  the  interference. 
Wireless  devices,  Wi-Fi  computers  and  cell  phones  are 
essentially  radio  transceivers.  The  power  and  frequency 
signatures  of  radio  transceivers  vary  significantly  as  the 
devices  are  turned  on,  used  to  communicate  and  turned 
off.  In  mission-critical  settings,  whether  medical  or  oth¬ 
erwise,  the  technical  teams  responsible  for  service 


often  create  conservative  failsafe  rules  and  policies  to 
guarantee  required  levels  of  essential  services.  While 
people  ignore  cell  phone  restrictions  on  airplanes  and  in 
hospitals  without  immediate  negative  consequences 
(just  like  some  people  successfully  run  red  lights),  it 
doesn’t  mean  the  regulations  prohibiting  them  are  not 
sensible. 

Blass,  a  network  architect  at  Change@Work  in 
Houston,  can  be  reached  at  dr.internet@changc 
atwork.com. 
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File  transfers  and  a  little  GPS 


GEARHEAD 

INSIDE  THE 
NETWORK 
MACHINE 

Mark  Gibbs 


We’ve  been  doing  some  Web  site 
work  recently  and  all  of  the  upload¬ 
ing  and  downloading  stuff  was  start¬ 
ing  to  get  pretty  tedious.  We’ve  been 
using  an  outstanding  utility  called 
FileZilla,  a  free  open  source  FTP 
client.  FileZilla  is  so  good  that  it  will 
be  nominated  for  the  Gearhead 
Awards. 

Allow  us  to  digress:  If  you  have  writ¬ 
ten  in  for  a  form  to  nominate  your 
favorite  software  and  hardware  for 
the  Gearhead  Awards  and  haven’t 
got  a  reply  it  is  because  there’s  been  a  problem  with  the 
form  submission  system  we’re  using  . . .  hold  hard  and  a 
form  will  be  wending  its  way  to  you  in  due  course. 

FileZilla  is  really  well  thought-out.  It  supports  resuming 
uploads  and  downloads  (if  the  server  supports  that  fea¬ 
ture);  customizable  commands;  a  site  logon  manager  (you 
can  group  sites  in  folders);  timeout  detection  with  “keep 
alive”;  firewall  support;  SOCKS4/5  and  HTTP1.1  Proxy  sup¬ 
port;  SSL  connection  support;  support  for  SFTP;  upload  and 
download  queuing;  drag  and  drop;  localization;  and  GSS 
authentication  and  encryption  using  Kerberos. 

FileZilla  is  easy  to  use  but  even  so,  when  you  are  moving 
files  to  and  from  a  remote  server  you’d  really  like  to  handle 
the  remote  file  system  and  its  contents  exactly  as  you 
would  if  you  were  working  with  a  local  file  system.  This 
would  allow  all  of  your  tools  to  be  used  on  the  remote  sys¬ 


tem  without  any  problems  or  modifications.There  must  be 
a  way  to  do  this  . . .  yes, yes,  its  called  WebDrive! 

WebDrive  is  a  really  neat  utility  from  South  River 
Technologies  that  creates  logical  drives  that  can  be  mapped 
to  remote  servers  running  FTR  SFTP  WebDAV  FrontPage  or 
SRT’s  own  GroupDrive  file  server  product. 

When  you  run  WebDrive  it  presents  a  site  logon  manager 
interface  that  looks  a  lot  like  FileZilla’s  and  includes  folders 

FileZilla  is  so  good  that  it 
will  be  nominated  for  the 
Gearhead  Awards. 

for  grouping  related  sites.  You  can  create  a  connection 
using  the  manager  and  assign  a  local  drive  letter  to  it  and 
voila!  Look  on  that  drive  using  any  program  and  you’ll  see 
what  looks  exactly  like  a  local  drive,  access  speed  notwith¬ 
standing.  (Connections  to  servers  on  remote  networks 
mapped  to  WebDrive  drives  are  always  slower  than  local 
drives  mapped  to  Uniform  Naming  Convention  paths.) 

As  we  said,  you  can  treat  WebDrive  drives  as  you  would 
local  drives  and  use  any  tools  you  like  on  them,  such  as 
backup  and  disk  utilities. The  WebDrive  manager  also  pro¬ 
vides  a  file  transfer  manager  for  unidirectional  or  bidirec¬ 
tional,  full  or  incremental  transfers,  which  can  be  executed 
immediately  or  scheduled  to  run  at  a  given  time. 

WebDrive  also  integrates  with  Windows  Explorer’s  con¬ 
text  menu  by  adding  a  WebDrive  entry  This  item  leads  to  a 


submenu  that  lets  you  change  from  online  to  offline  (and 
vice  versa),  provides  file  caching  control  and  offline  file 
and  folder  management,  as  well  as  starting  synchronization 
of  offline  content. 

WebDAV  the  Web-based  Distributed  Authoring  and  Ver¬ 
sioning  protocol,  is  a  great  addition  to  WebDrive.  It  is  more 
firewall  friendly  than  many  other  protocols,  and  supports 
file  locking  to  ensure  integrity 

We  are  totally  sold  on  this  product.  It  makes  life,  or  at  least 
file  transfers,  easy. WebDrive  pricing  starts  at  $55  for  a  single 
license  with  a  year  of  updates. 

Finally  to  catch  up  on  our  complaint  that  MapFbint  2006 
doesn’t  create  a  detailed  trail  of  GPS-derived  positions, 
Microsoft  says  this  is  planned  for  a  future  update. 

Reader  Patrick  Paulson  suggested  an  alternative  to  wait¬ 
ing:  Check  out  the  Advanced  GPS  Add-in  for  Microsoft 
MapPoint  (www.techgt.com/AGPS/). 

This  neat  tool  shows  the  geeky  GPS  satellite  position 
detail  that  MapPoint  doesn’t,  and  GPS  tracks  get  the  detail 
we  wanted.  There’s  also  the  Driving  Assistant,  which  uses 
text-to-speech  to  tell  you  what  directions  to  take  and  when 
your  ETA  changes.The  combo  of  MapPoint  2006  and  AGPS 
is  better  than  most  GPS  navigation  systems  in  top-end  cars. 

AGPS  is  yours  for  only  $10,  which  removes  the  nag 
screens  and  allows  the  Driving  Assistant  to  run  for  longer 
than  10  minutes. 

Are  those  tools  groovy  or  what?  Tell  us  at 
gearhead@gibbs.  com. 


-  CoolTools 

Quick  takes  on  high-tech  toys.  Keith  Shaw 

It’s  DemoFall  2006  time,  and  here  are  two  cool  product  launches 
happening  at  this  week’s  show  in  San  Diego.  More  cool  products 
online  at  www.networkworld.com. 

Dash  Navigation 

Dash  is  a  GPS  device  that  includes  an  always-on  network  connection  (through  a 
combination  of  GSM/GPRS  cellular  and  Wi-Fi)  to  provide  up-to-date  and  relevant 
information  to  users  in  their  cars.The  network  connectivity  will  offer  better  real-time 
traffic  data, and  allow  for  on-the-fly  searches  and  automatic  map  update  downloads. 

Dash  aims  to  address  several  problems  with  existing  GPS  devices  —  traffic  infor¬ 
mation  is  often  inaccurate;  mapping  updates  are  often  never  downloaded  or  too  dif¬ 
ficult  to  configure;  and  businesses  and  services  often  move  or  change.  While  most 
GPS  devices  can  give  turn-by-turn  directions,  most  users  want  more  than  that  —  they 
want  the  best  route  given  traffic  conditions,  the  best  services  on  the  route,  and  real¬ 
istic  estimates  on  how  long  it  will  take  to  get  to  a  destination. 

While  the  system  relies  on  traffic  sensors  to  detect  conditions,  the  network  con¬ 
nection  means  one  driver’s  Dash  unit  can  become  a  traffic  probe  for  others. If  the  sys¬ 
tem  detects  that  a  user  is  going  slower  than  normal  on  a  road  (as  defined  by  usage 
patterns),  the  system  will  alert  other  Dash  units  of  possible  slowdowns  and  provide 
for  re-routing.The  company  says  about  1,000  units  within  a  metropolitan  area  would 
provide  enough  data  for  real-time  updates,  but  even  the  “first  person  in  the  city”  with 
a  unit  will  be  able  to  receive  information  from  traffic  sensors  and  other  databases. 

Dash  is  in  beta  testing  in  the  San  Francisco  Bay  Area,  with  a  first-quarter  2007 
launch  scheduled  for  California,  then  a  national  consumer  launch  for  next  summer. 
Pricing  has  not  been  announced,  but  the  company  says  it  will  be  competitive  with 
other  high-end  GPS  devices.  In  addition  to  the  base  unit,  a  monthly  service  fee  will 
be  assessed  to  support  database  updates  and  real-time  network  connectivity 


Nabaztag  Version  2 

Also  known  as  the  Wi-Fi  rabbit,  the  Nabaztag  device  connects  to 
the  Internet  through  Wi-Fi.  Version  1  developed  a  cult  following  in 
the  blogosphere  for  its  ability  to  do  things  like  speak,  sing,  read  text 
and  move  its  ears.The  Nabaztag  can  use  its  features  to  display  news, 
give  alerts  and  stock  updates,  offer  weather  reports  and 
exchange  messages. 

The  company  behind  the 
rabbit,  Violet,  says  the  device 
shows  the  world  about  “the 
Internet  of  things,”  that  receiving  information  in 
cyberspace  doesn’t  have  to  be  limited  to  a  PC  and 
a  screen.  Volet  embeds  features  such  as  text-to- 
speech  and  RSS  feeds  into  a  simple  object. 

The  company  insists  that  Nabaztag  is  more  than 
a  robotic  toy. The  system  is  meant  as  an  open  plat¬ 
form  for  users  to  invent  new  uses. 

At  DemoFall,  the  company  plans  to  introduce 
Nabaztag  to  the  United  States.  Violet  says 
Version  2  will  launch  in  November  and  will 
likely  cost  more  than  the  current  Nabaztag, 
which  is  priced  at  about  $150. Version  2  includes 
speech-recognition  functions  to  allow  users  to 
use  it  as  an  input  device  or  as  a  push-to-talk  or 
VoIP  phone.The  new  version  also  will  be  able  to 
stream  audio  from  the  Internet,  including  pod¬ 
casts  and  Internet  radio. 


The  Nabaztag  bunny  uses  Wi-Fi  to 
gather  data  on  the  Internet  for  the 
user. 


Shaw  can  be  reached  at  kshaw@  nww.com.  Catch  the  Cool  Tools  Video  Show  every 
Thursday  online  at  www.networkworld.com,  and  be  sure  to  download  the  Twisted 
Pair  Podcast  every  Friday! 
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MPLS,  NAC  shine 
at  Interop 

Although  the  New  York  version  of  the  Interop  conference 
didn’t  draw  huge  crowds  last  week,  those  that  made  the 
trek  seemed  pleased  with  educational  sessions  covering 
everything  from  network  access  control  to  MPLS. 

The  MPLS  session  was  hosted  by  Network  World  columnist 
JohnaTill  Johnson,  president  of  Nemertes  Research,  and  fea¬ 
tured  speakers  from  Qwest,  Sprint  and  Verizon. 

Johnson  said  the  main  application  driving  her  clients  to 
MPLS  is  VoIRa  sentiment  backed  by  speakers  from  Sprint  and 
Verizon.  But  Martin  Capurro,  Qwest  director  of  Global  Prod¬ 
uct  Management  for  IP  Access, said  it’s  broader  than  that: “We 
see  customers  wondering, ‘How  do  I  take  frame,  private  line 
and  voice  and  integrate  them  on  one  backbone?”’ 

Johnson  told  the  crowd  they  could  expect  WAN  savings  of 
25%  to  40%  by  moving  to  MPLS,  with  the  larger  savings  going 
to  companies  that  bundle  voice,  data  and  video,  have  inter¬ 
national  sites  and  have  the  carrier  do  the  management. 

But  a  member  of  the  audience  who  works  for  an  invest¬ 
ment  firm  said  the  savings  disappear  if  you  need  big  T-3  or 
OC-3  pipes.“SONET  is  still  the  cheapest  alternative  for  us.” 

A  second  strike  against  MPLS  for  this  buyer:  His  security 
group  regards  MPLS,  which  is  a  Layer  3  service,  as  being  akin 
to  the  Internet  and  so  requires  encryption,  which  is  demand¬ 
ing  at  the  speeds  in  his  backbone. 

In  terms  of  prepping  for  migration  to  MPLS,  Qwest’s 
Capurro  told  the  audience  the  shift  typically  involves  migrat¬ 
ing  frame  to  MPLS,  private  lines  to  Ethernet  services,  and 
voice  to  VoiP“Make  sure  you  have  a  view  across  all  of  the 
components”  he  said. 

Another  hot  topic  at  the  show  was  network  access  control 
(NAC).  Network  World  Lab  Alliance  member  Joel  Snyder,  a 
senior  partner  with  Opus  One,  led  a  panel  on  the  topic  fea¬ 
turing  representatives  from  Microsoft,  Cisco,  Juniper,  Still- 
Secure  and  the  Trusted  Computing  Group. 

Asked  to  venture  a  guess  on  what  percentage  of  large  com¬ 
panies  will  be  doing  full-fledged  NAC  in  five  years,  all  of  the 
speakers  agreed  that  it  would  be  common  by  then. 

So  the  question  was,  how  do  you  best  prepare  for  the 
arrival  of  NAC?  Thomas  Howard, security  solutions  engineer 
with  Cisco, said  you  need  to  develop  policy:“If  you  don’t 
know  what  you  want  to  do,  how  are  you  going  to  know  what 
you  need?” 

But  Dave  Greenstein,  chief  architect  with  StillSecure,  recom¬ 
mended  a  piecemeal  approach.There  is  so  much  bureau¬ 
cracy  involved  in  policy;  I  say  start  with  your  highest  risk. 
Often  that’s  laptops  that  come  and  go.” 

Steve  Hanna,  distinguished  engineer  with  the  Trusted 
Computing  Group  agreed:“Roll  it  out  gradually  starting  with 
users  that  are  working  with  high-value  assets." 


—  John  Dix 
Editor  in  chief 
jdix@nww.com 


Opinions 


Real  IT  Guys 

Mark  Gibbs’  BackSpin  column, “Real  IT  Guys”  (www. 
nwdocfinder.com/5320)  provides  a  perfect  stereo¬ 
typical  example  of  what’s  wrong  with  IT  today  I  have 
a  company-standard  PC  sitting  on  my  desktop.  Al¬ 
though  it  might  have  extra  RAM  to  accommodate  a 
programming  environment,  it  is  the  same  model  my 
users  work  with.Why?  Because  I  want  to  convey  sub¬ 
consciously  that  IT  is  no  different  than  my  cus¬ 
tomers  on  the  business  side. 

Secondly  although  we  do  not  allow  administrator 
access,  we  often  install  software  for  users.  We  also 
might  occasionally  allow  software  that  has  little  busi¬ 
ness  value  if  it  presents  little  risk  to  the  organization. 
We  have  Linux  and  Microsoft  applications  that  run 
side  by  side  without  attacking  one  another. 

I  fail  to  see  how  IT  will  ever  overcome  the  stereo¬ 
types  that  exist  in  the  business  world  if  we  cannot 
vanquish  them  from  our  own  community  first. 

Thomas  Staight 
Information  systems  administrator 
Nemcomed 
Hicksville,  Ohio 

Here  are  a  few  more  Real  IT  Guy  no-no  statements: 

•  I  bought  this  PC  because  it  matches  the  decor  of 
my  living  room. 

•  Let’s  call  tech  support  (the  equivalent  of  a  guy 
asking  for  directions). 

•  DOS  is  absolutely  useless. 

•  1  bought  this  PC  at  WalMart.  (Sam’s  Club  is  all 
right,  though.) 

•  Really,  who  needs  high-speed  Internet  access? 

Daniel  Schoedel 
Corporate  systems  analyst 
Fundamental  Healthcare 
Sparks,  Md. 


One  phrase  I  have  never  heard  from  a  Real  IT  Guy: 
“Hang  on,  I  just  need  to  check  the  documentation 
before  I  start.” 

Peter  Shires 
Melbourne,  Australia 

Maybe  it’s  a  difference  of  definition  that  causes  me 
to  disagree  with  a  couple  of  Mark  Gibbs’  statements 
about  a  Real  IT  Guy  He  writes, ‘Ask  [Real  IT  Guys] 
how  to  configure  Linux  or  what  exactly  is  the  span¬ 
ning  tree  algorithm  and  if  you  don’t  have  serious 
operating  system  experience  or  have  no  clue  about 
protocols,  forget  it.” 

I  say  a  Real  IT  Guy  will  explain  it  to  you  until  you 
either  understand,  pretend  to  understand  or  invent 
an  excuse  to  get  out  of  there,  including  gnawing  off 
your  own  arm. 

I’m  also  not  so  sure  about  Gibbs’“latest  and  great¬ 
est”  point.  1  consider  myself  pretty  real  —  when  my 
calculator  was  running  short  on  memory  1  didn’t 
buy  the  next  model,  1  cracked  that  puppy  open  and 
added  more  flash.  My  AMD  800s  are  tuned  perfectly 
You  know  you’re  looking  at  a  Real  IT  Guy’s  comput¬ 
er  because  it’s  got  the  cover  cut  to  accommodate  his 
homebrew  RAID  array. 

We  talk  about  “the  bit”  —  the  thing  in  someone’s 
head  that  makes  them  care  about  getting  things  right 
because  it’s  a  matter  of  personal  pride.  It’s  the  bit  that 
makes  you  eat  the  questionable  pizza  and  ignore 
personal  hygiene.  The  Real  IT  Guy  has  that  bit.  The 
Real  IT  Guy  never  says, “But  I’m  not  a  network/serv- 
er/database  guy”;  if  he’s  the  only  guy  there, he  figures 
it  out.  I’ve  seen  a  serious  decline  in  people  with  the 
bit,  and  therefore,  Real  IT  Guys. 

Sean  Walberg 
Winnipeg,  Canada 

E-mail  letters  to  jdix@nww.com  or  send  them  to  John  Dix,  editor  in 
chief,  Network  World,  1 18  Turnpike  Road,  Southborough,  MA  01 772. 
Please  include  phone  number  and  address  for  verification. 
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STRATEGY  SESSION 


JefF  Kaplan 


Stirring  the  soup  of  service  providers 


One  indication  that  a  technology  trend  is 
gaining  mainstream  attention  is  when  it 
becomes  a  target  for  mergers  and  acquisi¬ 
tions.  Recent  acquisitions  in  the  managed-ser¬ 
vices  and  software-as-a-service  segments  of  the  IT 
industry  are  not  only  clear  signs  that  these  new 
methods  of  dealing  with  age-old  technology  chal¬ 
lenges  are  winning  broad-based  acceptance,  but 
also  that  they  are  fundamentally  changing  the 
way  other  industries  do  business. 

In  July,  storage-product  vendor  Iomega  an¬ 
nounced  plans  to  acquire  CSCI,  a  San  Diego- 
based  managed-services  provider  (MSP).  In  the 
company’s  announcement,  CEO  Jonathan  Hub- 
erman  said,  “Iomega  is  taking  the  first  step  toward 
becoming  a  managed-services  company” 

Iomega  wasn’t  the  first  company  to  make  the 
move  from  a  productcentric  to  a  services-driven 
orientation.  Over  the  past  few  years,  other  promi¬ 
nent  technology  companies,  including  Sun  and 
Cisco,  have  acquired  MSPs  with  mixed  results 
(see  www.nwdocfinder.com/5332). 

With  escalating  concerns  about  computer 
viruses  and  other  potential  IT  threats,  managed- 
security  service  providers  (MSSP)  also  have  be¬ 
come  attractive  acquisition  targets  for  hardware 
and  software  vendors.  Last  month,  IBM  acquired 
Internet  Security  Systems,  a  pioneer  in  the  man¬ 


aged-security  services  market.  MSSP  deals  in  the 
past  few  years  include  Symantec’s  acquisition  of 
Riptech  and  @Stake,  and  Verisign’s  acquisition  of 
Guardant. 

Shortly  after  Labor  Day  the  array  of  acquirers 
expanded  with  Cognizant’s  acquisition  of  Aim- 
Net  Solutions.  Cognizant  is  a  U.S.-based,  offshore 
services  company  with  strong  skills  in  applica¬ 
tions  development,  integration,  reengineering, 

User  organizations  . . . 
increasingly  are  willing  to 
offload  or  out-task  these 
functions  to  third  parties. 

consulting  and  business  process  outsourcing. 
AimNet  offers  a  suite  of  managed  and  profession¬ 
al  services  that  help  small  and  midsize  business¬ 
es,  as  well  as  large-scale  enterprises,  with  their  IT 
infrastructure  requirements.  According  to  compa¬ 
ny  officials,  escalating  customer  demands  that 
Cognizant  assume  greater  application  and  IT 
infrastructure  management  responsibility  drove 
the  acquisition. 

At  the  same  time  that  the  MSP  sector  has 
become  a  hotbed  of  acquisitions,  software-as-a- 


service  providers  also  have  attracted  attention 
from  a  rapidly  expanding  assortment  of  suitors. 
Last  month,  ADP  acquired  Employease,  a  human 
resource  management  software-service  provider, 
marking  the  first  acquisition  of  a  software-as-a- 
service  provider  by  a  business  services  company. 
This  month,  Illinois  Tool  Works  acquired  Click 
Commerce,  a  provider  of  software  services  for 
supply-chain  management,  and  AT&T  acquired 
USinternetworking,  an  application  service  pro¬ 
vider,  to  expand  its  hosted  services. 

Each  of  these  transactions  is  in  response  to 
escalating  customer  frustration  with  the  hassles 
and  costs  associated  with  managing  today’s  busi¬ 
ness  applications  and  IT  infrastructures. 

The  latest  round  of  acquisitions  shows  that  a 
growing  number  of  technology  vendors,  BPOs 
and  even  traditional  manufacturers  are  seeking  to 
satisfy  their  customers’  changing  needs.  Buying  a 
managed-service  capability  to  assume  greater 
responsibility  is  a  noble  undertaking.  But  to  be 
successful,  these  acquirers  will  need  to  trans¬ 
form  their  corporate  cultures  from  a  product¬ 
centric  to  a  services-driven  orientation. 

Kaplan  is  managing  director  of  THINKstrat- 
egies,  a  consultancy  in  Wellesley,  Mass.  He  can  be 
reached  at  jkaplan@thinkstrategies.com. 


YANKEE  INGENUITY 
Howard  Anderson 


Medicine:  The  next  big  thing 


What’s  the  next  big  thing?  I  get  that  question 
a  lot,  usually  from  high-tech  entrepre¬ 
neurs  or  venture  capitalists  searching  for 
what  to  do  next.  Actually,  they  are  more  interest¬ 
ed  in  regaining  their  adrenaline  rush  than  any¬ 
thing  else.  Face  it;  we  all  miss  the  thrill  of  being 
on  top  of  the  world  as  it  changed  and  knowing 
we  had  changed  it.  The  last  five  years  in  technol¬ 
ogy  have  been  boring,  boring,  boring  —  kind  of 
like  watching  an  English  Test  cricket  match  that 
goes  on  for  days. 

“If  I  knew,  I  would  tell  you”  is  my  usual  reply  I  am 
lying  through  my  teeth;  I  would  tell  them  squat. 
Well,  I  might  tell  them  after  I  had  made  a  few 
investments  —  when  I  owned  part  of  the  right 
companies  and  the  intellectual  high  ground.  But 
the  sad  fact  is  that  20  years  ago  I  could  see  2006 
crystal  clearly  Now,  I  can’t  see  next  week. 

So  it  was  interesting  to  have  Andy  Kessler  stop 
by  last  week.  Kessler  has  been  a  researcher  at 
Bell  Labs,  a  high-tech  stock  analyst  for  Wall 
Street,  a  hedge  fund  manager  and  an  author 
( Running  Money  and  Wall  Street  Meat).  He  went 
to  boxing  matches  with  Jack  Grubman,  knew 
Mary  Meeker  when  she  was  barely  visible,  twice 
turned  down  investors  trying  to  give  him  $500 
million,  because  he  knew  the  end  of  the  bubble 
was  upon  us,  and  hangs  with  the  venture  capi¬ 
talists  in  Silicon  Valley  He  is  high-tech  royalty. 

Kessler  is  trying  to  figure  out  what  is  The  Next 
Big  Thing,  too.  Isn’t  everyone?  But  he  thinks  he 
found  it.  His  thesis:  Look  for  where  chips/soft¬ 
ware/communications  will  affect  the  status  quo, 


where  decreasing  costs  will  lead  to  exploding 
new  applications,  which  will  bring  burgeoning 
innovative  industries  to  the  forefront.  He  is  look¬ 
ing  for  a  technology  that  scales.  And  he’s  found 
it  in  medicine.  Medicine?  I  hate  medicine.  I  won’t 
even  watch  “General  Hospital"  or“ER”  on  TV.  But 
Kessler  makes  a  point:  It  will  be  possible  to  have 
a  world  where  we  won’t  have  heart  attacks  and 
strokes,  much  as  we  now  don’t  have  smallpox 
and  polio. The  technology  is  there.  Kessler  writes 
about  it  in  his  new  book,  The  End  of  Medicine: 
How  Silicon  Valley  ( and  Naked  Mice)  Wilt  Reboot 

Any  time  a  technology  can 
replace  people,  whole  new 
worlds  open. 

Your  Doctor,  which  you  should  read. 

Example:  Most  hospitals  have  two  radiologists 
read  every  X-ray.  Some  send  these  X-rays  elec¬ 
tronically  to  Australia  to  be  read,  but  that  only 
lowers  the  cost  of  the  doctor.  But  other  hospitals 
are  reading  half  of  these  X-rays  by  a  neural  com¬ 
puter,  which  gets  smarter  the  more  X-rays  it  sees. 
So  maybe  your  doctor  is  obsolete.  Remember,  we 
used  to  have  bank  tellers,  travel  agents  and  tele¬ 
phone  operators,  but  technology  put  them  out  of 
business.  Any  time  a  technology  can  replace 
people,  whole  new  worlds  open. 

Another  example:  Don’t  guess  that  a  patient 
may  have  cancer;  open  the  patient  up  with  a  tiny 
nanotech  probe  and  see  —  and  do  it  unobtru¬ 


sively  and  inexpensively  Early  detection  beats 
remediation  hands  down. 

Here’s  the  good  news:  The  government  won’t 
help,  which  means  it  won’t  hurt.  These  markets 
are  going  to  be  so  big,  so  profitable,  that  the 
retrenched  venture  capitalists  will  pour  money 
in,  then  the  private-equity  boys  and  finally  the 
hedge  funds.  Money  goes  where  it  is  loved. 

So  I  invited  the  honchos  of  Boston  medicine 
over  to  my  house  to  hear  Kessler.  These  are  the 
people  who  run  the  establishment,  whose  cre¬ 
dentials  are  irrefutable,  who  have  made  their 
careers  and  their  hospitals  fortresses.  At  first, they 
humored  Kessler,  but  you  could  see  their 
patience  was  wearing  thin.  I  was  reminded  of  the 
telecom  industry  poobahs  when  they  first 
encountered  packet  switching  and  VoIP  —  they 
were  in  denial.  Then  I  saw  their  smoldering 
anger  —  they  were  seeing  the  threat.  1  recalled 
IBM  meetings  where  the  idea  of  minicomputers, 
desktop  computers  and  personal  software  was 
once  raised.  Then  I  saw  a  glimmer  of  light  — 
they  realized  that  maybe  all  this  would  happen 
. . .  after  they  retired. 

Kessler  just  smiled. 

Anderson  is  the  founder  of  The  Yankee  Group 
and  YankeeTek,  and  a  co-founder  of  Battery 
Ventures.  He  lectures  on  technology  at  the 
Massachusetts  Institute  of  Technology  and 
speaks  on  technology  subjects  at  meetings 
across  the  country.  He  can  be  reached  at  hander 
son  @yankeetek.  com. 
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Florida  Guardian  ad  Litem  Saw  the  Future  of  Child  Advocacy. 


Citrix  Provided  Access. 


“Custody  rulings.  Foster  care.  Adoptions.  Our  founding  vision  was  to  give  every  abused 
and  neglected  child  in  Florida  a  strong  advocate  in  court.  Two  years  later,  we’re  well  on 
our  way.  Today,  program  staff,  attorneys  and  over  5,000  volunteers  represent  more 
than  27,000  children.  Instead  of  information  in  file  drawers  scattered  all  over  the  state, 
Citrix  software  gives  advocates  secure  access  to  our  case  management  system  from 
anywhere.  Resources  are  precious,  so  we  must  apply  them  wisely,  not  waste  time 
chasing  data.  These  kids  depend  on  us.  That’s  why  we’re  depending  on  Citrix  to  take 
us  the  rest  of  the  way  to  advocate  for  every  Florida  child  in  need.  ” 


■  ■ 


JOHNNY  C.  WHITE 
CIO 

Florida  Guardian  ad  Litem  Program 
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and/or  one  or  more  of  its  subsidiaries,  and  may  be  registered  in  the  United  States  Patent  and 
Trademark  Office  and  in  other  countries.  All  other  trademarks  and  registered  trademarks  are 
the  property  of  their  respective  owners. 
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STORAGE 

Las  Vegas  Review-Journal  . 

Kindred  Healthcare . 

Cabell  Huntington  Hospital  . 

Franklin  W  Olin  College  of  Engineering 

LANS  S  ROUTERS 

City  of  Loma  Linda  . 

BNSF  Logistics . 

Childrens  Hospital  of  Philadelphia  . . . 
Community  Health  Network . 

APPLICATIONS 

Saugus  Union  School  District . 

MasterBrand  Cabinets . 

Aeroplan  . 

MedicAlert  Foundation . 


xcellence  is  learned.  So  it  stands  to  reason  that  it  also  must  be 
studied.  In  that  spirit,  the  40  companies  honored  as  winners  of 
Network  Worlds  second-annual  Enterprise  All-Star  Award  stand 
as  examples  of  excellence. 

But  what  exactly  does  that  mean?  Nearly  every  enterprise 
today  can  point  to  technology  projects  that  save  big  bucks.  Or  to 
technology  projects  that  let  corporations  conduct  business  faster  and  more  efficiently 
What  differentiates  these  40  companies  and  their  award-winning  projects  can  be  summed 
up  in  a  word:  innovation. 

Each  of  the  projects  profiled  advances  the  use  of  newer  technology  or  uses  mainstream 
tools  in  an  innovative  way  For  instance,  Papa  Gino’s  and  D’Angelo  Sandwich  Shops  stands 
as  a  proving  ground  for  chip-level  security  Wilson  &  Company  Engineers  and  Architects, 
bucks  conventional  wisdom  and  uses  freeware  to  automate  configuration  across  dozens 
of  makes  and  models  of  desktops.  Alamance  Regional  Medical  Center  saves  $1  million  a 
year  through  judicious  use  of  application  virtualization. 

Continued  on  page  SB 


A  who's  who 
of  All-Stars 


INSIDE  this  Enterprise  All-Star  package, 
we  feature  the  40  winners  by  project  technology. 
The  eight  categories  and  the  winners  in  each  are 
as  follows: 


SECURITY 

Papa  Gino’s  and  D’Angelo  Sandwich  Shops  ...  .75 

Continental  Airlines . 80 

FirstHealth  of  the  Carolinas  . 78 

1-800-flowers.com  . 80 

Appalachian  State  University . 80 


WANS, VUIP  S  CUNVERGENCE 

U.S.  Department  of  Health  and  Human  Services, 


Office  of  Inspector  General . 86 

Goldsmith  Agio  Helms  . 88 

Inergy  Automotive  Systems . 88 

Phccess . * . 88 


NETWURK  MANAGEMENT 

BNSF  Railway . 69 

Evolution  Benefits . 70 

PHH  Mortgage . 70 

Priceline.com . 70 

Wilson  &  Company, 

Engineers  &  Architects  . 70 

OS,  SERVERS  G  UATA  CENTER 

Wachovia  Bank . 72 

Subaru  of  Indiana  Automotive . 72 

Taleo . 73 

Alamance  Regional 

Medical  Center  . 72 


Credit  Suisse . 78 

Harvard  Business  School  . 78 

NewYork-Presbyterian  Hospital  . 78 

Ochsner  Health  System . 82 

Prudential  Financial  . 82 

Southwest  Washington  Medical  Center . 82 

University  at  Buffalo  Health 

Sciences . 82 

WIRELESS  G  MOBILITY 

Wound  Technology  Network  . 84 

Kansas  City  Power  &  Light  . 84 

Vassar  Brothers  Medical  Center . 84 


ii 


Guide  to  the 
’06  All-Stars 

+  Our  40  Enterprise  All-Star  Award 
winners  put  a  shine  on  innovation. 


COVER  ILLUSTRATION:  NANCY  STAHL 
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Alamance  is  hardly  alone  with  its  great  financial  picture.  It 
almost  goes  without  saying  that  these  companies  know  how 
to  squeeze  a  nickel.  In  all,  winners  report  saving  more  than 
$20.7  million  in  the  first  year  of  implementation,  on  expendi¬ 
tures  of  just  less  than  $20  million.  Equally  impressive  is  that 
excellence  has  become  a  speedy  affair:  Projects  took  a  medi¬ 
an  of  eight  months  from  planning  to  production,  with  82% 
requiring  less  than  a  year. 

Healthcare  dominates  the  list  with  one-third  of  the  winners 
—  and  for  good  reason.  Healthcare  companies  are  leaders 
in  gleaning  cost  savings  for  their  efforts.  Spending  by 
healthcare  companies  ranged  from  $10,000  for  a  network 
access-control  project  to  $3.2  million  for  an  integrated 
wireless  infrastructure  (with  a  median  of  $240,000).  The 
projects  immediately  paid  for  themselves,  however,  with 
healthcare  companies  reporting  a  mean  one-year  ROl  of 
227%. 


Interestingly,  education  winners  were  the  big  spenders  on 
the  list,  with  a  mean  project  cost  of  just  more  than  $1  mil¬ 
lion  (median  $375,000).  Even  so,  not  all  the  education  proj¬ 
ects  were  expensive.  Saugus  Union  School  District  won  for 
its  low-budget  use  of  open  source  tools  to  build  a  rich  col¬ 
laborative  portal.  Financial  services,  manufacturing  and 
travel/transportation  also  produced  a  notable  number  of 
winning  entries  (see  winners  by  vertical  industry,  right). 

Interesting,  too,  was  the  wide  selection  of  vendors  among 
winning  projects. Stalwarts  such  as  Cisco,  EMC,  IBM,  Juniper 
and  Nortel  made  a  fair  showing  (see  vendors  to  the  All- 
Stars,  page  96).  Among  vendors,  Cisco  scored  the  most 
wins,  with  its  gear  used  in  five  projects,  while  products  from 
the  others  saw  use  in  a  respectable  three  winning  projects 
apiece.  Creative  winners  also  relied  on  products  from  the 
open  source  world  and  from  start-ups,  proving  that  killer 
technology  can  be  found  wherever  you  look  for  it.  9 


All-Stars  by  the  numbers 


40=  Number  of  winners 

56  Number  of  vendors  used  in 
award-winning  projects 

92  Number  of  key  products 
used  in  projects 

*839,725  mean  project 

budget 

*939,733  mean  project 

savings 

*19.9  million  - 

total  expenditures 

*20.7  million . 

total  reported  savings 

*3.5  million  biggest 

project  budget 

S0  smallest  project  budget 


6  Number  of  years  for  longest- 
running  project 

1  Number  of  months  for 
shortest  project 

12  =  Number  of 
projects  for  security,  the  most 
popular  technology  category 

10  Number  of  winners  in 
healthcare,  the  vertical  industry 
with  the  most  wins 

5  Number  of  projects  using  gear 
from  Cisco,  the  vendor  with  the 
most  wins 

11,317  total  number  of  IT 

workers  at  winning  companies 

22  median  number  of  IT 
workers  at  winning  companies 


Judging  an  All-Star 

IN  TWO  ROUNDS,  multiple  judges  evaluated  near¬ 
ly  200  qualified  nominations  based  on  five  crite¬ 
ria.  Judges  looked  for  innovative  use  of  technolo¬ 
gy  to  solve  a  business  problem.  They  evaluated 
the  scope  of  the  project  in  terms  of  size,  invest¬ 
ment,  business  processes  and  employees  affect¬ 
ed.  They  rated  the  value  of  the  project  to  the 
company,  including  factors  such  as  ROI,  busi¬ 
ness  efficiencies  and  influence  on  the  company’s 
income-earning  potential.  They  looked  at  the 
project’s  ability  to  stand  as  an  example  to  its 
industry  and  its  potential  as  a  role  model  for 
other  industries.  The  judges  scored  projects  on 
a  scale  of  1  to  5  for  each  criterion.  Network  World 
editors  then  selected  the  high-scoring  entries. 
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All-Stars  by  industry 


CONSTRUCTION 

Wilson  &  Company,  Engineers 

and  Architects . 70 

EDUCATION 

Appalachian  State  University . 80 

Franklin  WOlin  College  of  Engineering  .  .90 

Harvard  Business  School . 78 

Saugus  Union  School  District  . 94 

University  at  Buffalo 

Health  Sciences  . 82 

FINANCIAL  SERVICES 

Credit  Suisse  . 78 

Goldsmith  Agio  Helms . 88 

PHH  Mortgage . 70 

Prudential  Financial . 82 

Wachovia  Bank . 72 
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YOUR  INTERN  JUST  HAD  A  $100,000  PAYDAY. 
UNFORTUNATELY,  IT  WAS  FROM  THE  SALE  OF  YOUR  DATA. 


If  your  data  could  talk,  it  would  tell  you  that  it  could  be  stolen  from  right  under  your  nose.  If  your  enterprise  suffers  a 
data  breach,  are  you  ready?  That's  why  there's  EpiForce™  from  Apani  Networks™.  It's  built  from  the  ground  up  to 
secure  data  inside  the  perimeter.  Plus,  it's  highly  scalable,  centrally  managed  and  supports  multiple  OS  platforms. 
EpiForce  can  help  secure  your  sensitive  data  from  a  threat  that  could  be  just  around  the  corner. 

To  learn  about  best  practices  to  address  insider  threats,  get  a  free  copy  of  'The  Insider  Threat 
Benchmark  Report"  published  by  the  AberdeenGroup  at  www.apani.com/nw-insider. 
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MICROSOFT.COM/SECURITY/IT 

Microsoft' 


Tools  to  help  secure  your  network,  where  and  when  you  need  them. 

The  Microsoft  Malicious  Software  Removal  Tool — over  16  million  instances  of  malware  removed  and  counting.  Read  the 
white  paper,  based  on  data  collected  by  this  effective  tool.  It  arms  you  with  a  clear  view  of  the  security  landscape,  including; 
the  latest  trends,  threats,  and  countermeasures.  Find  it  now  at  microsoft-com/security/IT 


2006-  Microsoft  Corporation.  All  rights  reserved  Microsoft: is- a  registered 
trademark  cf  Microsoft  Corporation  in  the- United  States  and/or  other  countries-. 


A  Pentair  Company 

!  need  to  install  a  Cat  6  network  with  VoIP 
serving  200  drops  in  eight  weeks. 

I  need  thermal  and  cable  management  solutions 
that  fit  my  project  and  budget. 

I  need  one  source  I  know  will  deliver. 


I  need  Hoffman. 


When  you  have  a  lot  of  decisions,  there’s  one  choice  that’s  simple:  Hoffman. 

You  may  know  us  as  the  leading  choice  in  enclosure  technology.  But  do  you  know  everything  else  we  can  do?  Hoffman  offers: 

■  The  broadest  range  of  innovative  racks,  cabinets,  cabling  solutions  and  network  accessories  at  affordable  prices. 

■  A  wide  array  of  modification  options. 

■  Thermal  management  solutions  that  handle  next-generation  servers  and  networks. 

■  Answers  to  seismic  vibration,  with  cabinets  compliant  to  Telcordia  GR-63-C0RE,  NEBS™  Requirements: 

Physical  Protection  and  California  Building  Code. 

■  Improved  installations  resulting  from  versatile  cable  management  systems. 

■  EMI/RFI  shielding  for  data  reliability. 

*  Fast  ordering  and  local  availability. 

Turn  to  one  trusted  source  for  all  your  storage  and  protection  needs.  Hoffman. 


Hoffman.  What  your  work  demands. 


www.  ehoffman.  com 


©2006  Hoffman  Enclosures  Inc. 
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+  A  railway’s  network  overhaul  begins 
with  automation  and  saves  $600, (JuO. 


BY  BETH  SCHULTZ 


NSF  Railway  prides  itself  on  its  150-year  history  That  a  historic 
transportation  company  has  become  a  modern, agile  shipping 
giant  has  much  to  do  with  its  sophisticated  use  of  network 
management  technology 

BNSF  Railway  has  embraced  automated  management 
processes  to  handle  changes  across  thousands  of  network 
devices.  Without  such  automation,  the  company's  efforts  to  revamp  both  its  wireless  and 
wired  infrastructures  would  derail,  says  Greg  Britz,  manager,  Technology  Services,  for  the 
Fort  Worth, Texas-based  railway 


“Engineering  needs  a  consistent  way  of 
configuring  and  managing  devices  sys¬ 
temwide.  Up  to  this  point, configuration  had 
been  a  manual  process.  We  had  manuals 
and  guidelines,  but  any  error  could  occurs 
he  says.“An  automated  tool  helps  keep  con¬ 
figurations  consistent  across  platforms.” 

BNSF  Railway  earns  distinction  as  a  2006 
Enterprise  All-Star  for  its  adoption  of  auto¬ 
mated  change  and  configuration  manage¬ 
ment,  using  Opsware's  Network 
Automation  Suite,  and  for  applying  the 
technology  in  massive  network  upgrades. 
BNSF  Railway  reports  an  expected 
$600,000  in  cost-savings  over  three  years,  on 
its  Opsware  investment  of  $295,000. 

Configuring  the  wireless  net 

On  the  wireless  side,  the  network  team 
has  been  using  Opsware  to  run  automated 
configuration  management  as  part  of  a  $2.5 
million,  two-year  WiFi  network  migration  to 
a  centralized  switch  architecture.  Through 
the  project,  BNSF  Railway  is  doubling  the 
number  of  wireless  switches,  up  from  a 
dozen,  and  making  sure  each  switch  runs 
the  same  operating  system  version,  says 
Mike  Garrett,  senior  systems  engineer  with 
BNSF  Railway 

The  network  team  has  been  able  to  down¬ 
load  the  operating  system  image  to  all  IP 
routers  and  switches  —  Aruba  Networks' 
Mobility  Controllers  —  en  masse  in  a 
process  that  took  about  five  minutes.“It's  a 
mouse  click,  a  push  and  a  boot,"  Garrett 
says.  Prior  to  using  Opsware,  the  team  could 


handle  configuration  upgrades  remotely 
but  individually  in  a  process  that  took  30 
minutes  per  switch,  he  adds. 

The  project,  which  is  nearly  complete, 
also  entails  upgrading  600  legacy  Cisco 
access  points,  Britz  says.  Because  of  the 
automated  management  processes,  he 
adds,  “this  has  been  a  breakout  year  for  us 
with  wireless.” 

Automated  change  for  the  wired  net 

On  the  wired  side,  BNSF  Railway  has 
been  using  the  Opsware  auto-discovery 
function  to  scan  its  infrastructure  and 
input  the  IP  addresses  of  600  routers  and 
2,500  hubs  and  switches  into  the  change 
management  system. 

“The  features  available  in  this  type  of  con¬ 
figuration  management  tool  provide  BNSF 
with  multiple  automated  resources  to  man¬ 
age  a  complex  network,”  says  Clint  Wise, 
WAN  analyst  for  the  railway 

For  example,  the  tool  assigns  a  primary 
management  IP  address  for  each  device, 
and  automatically  de-duplicates  devices  it 
has  discovered  via  multiple  IP  addresses. 
Once  a  device’s  configuration  information 
is  recorded  in  the  Opsware  system,  any 
change  to  that  switch  or  router  triggers  a 
change  notification  process  that  ends  with 
an  alert  for  centralized  maintenance  per¬ 
sonnel.  Those  staff  members  confirm  or 
deny  the  change  once  they  review  the 
potential  network  impact.The  Opsware  sys¬ 
tem  maintains  the  change  history,  should  a 
rollback  be  required,  Garrett  says. 


Ill 


-  GREG  BRIT  2,  MANAGER,  TECHNOLOGY 
SERVICES,  BNSF  RAILWAY,  WITH  PROJECT 
TEAM  MEMBERS  CLINT  WISE,  LEFT, 

AND  MIKE  GARRETT  ?  ^ 


The  network  team  also  has  set  up  device 
templates  to  make  sure  each  configuration 
change  complies  with  network  policies. 
The  Opsware  software  checks  a  device’s 
configuration  against  the  template,  and  if  it 
is  out  of  sync,  sends  out  a  notice  describing 
the  noncompliance,  Garrett  says. 

Once  all  devices  have  been  input  into  the 
Opsware  system,  the  network  team  will  be 
able  to  undertake  its  planned  $13  million, 
three-year  infrastructure  overhaul,  Britz 


says.  It  will  use  the  Opsware  tool  to  push  out 
configuration  updates  across  switches  and 
routers.  Britz  expects  the  auto-discovery 
process  to  be  complete  by  the  end  of 
September, and  the  overhaul  to  begin  short¬ 
ly  thereafter. 

“With  Opsware,"  Britz  says,“we  [will]  be 
much  more  efficient.  We’ll  be  handling 
configuration  updates  in  milliseconds 
compared  to  minutes  or  hours  when  con¬ 
figuring  by  hand."® 


All-Star  Wit  S  Wisdom  “We  are  inclined  to  do  rolling  upgrades  to  make  sure  our  Web  site 
continues  to  improve  but  in  a  way  that  never  costs  us  downtime ron  rose,  cio,  priceline.com 
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Perfecting 
app  performance 


+  A  benefits 
business  on  1 


ment  provider  builds  its 
%  uptime. 


BY  BETH  SCHULTZ 


o  manage  application  perform¬ 
ance,  Evolution  Benefits  starts 
right  at  the  source  —  the  code 
itself.  “We  sell  our  performance 
and  uptime,”  explains  Sean  Erwin, 
vice  president  of  application  development  for  the 
Avon,  Conn.,  company. 

Evolution  Benefits  sells  a  prepaid  benefits  card, 
called  Benny,  for  employers  to  offer  as  part  of  their 
benefits  programs.  When  employees  sign  up  for  a 
Flexible  Spending  Account  or  some  other  tax-favored 
benefit,  they  can  use  Benny  to  pay  for  eligible  out-of- 
pocket  and  other  expenses.The  card  payment  system 
debits  the  payment  from  the  appropriate  accounts. 
“Employees  no  longer  must 
pay  for  services, submit  claims, 
and  then  wait  for  reimburse¬ 
ment,”  he  describes. 

As  part  of  this  process,  a 
company’s  benefits  adminis¬ 
trators  must  be  able  to  access 
the  back-end  application  — 
a  .Net/Web  services-based 
Web  portal  called  Benny 
Central  —  at  will. 

“Performance  and  uptime  are  key  drivers  in 
enabling  benefits  administrators  to  support 
employees,”  he  says. 

Via  Benny  Central,  benefits  administrators  can  use 
various  tools  to  set  up  the  prepaid  cards  for  employ¬ 
ees,  provide  customer  service  and  automatically  sub¬ 
stantiate  transactions  per  Internal  Revenue  Service 
guidelines,  he  says.  Monitoring  application  perform¬ 
ance  at  the  code  level  was  the  only  way  to  guarantee 
uninterrupted,  real-time  access  to  Benny  Central. 

The  company  gets  our  nod  as  a  2006  Enterprise  All- 
Star  for  going  above  and  beyond  on  application  per¬ 
formance.  Since  this  platform  wrapped  up  in  late 
2005,  application  downtime  has  been  eliminated 
while  management-related  costs  are  down  by  one- 
third. “Our  app  has  to  be  up  100%  of  the  time,”  Erwin 
says. “We  needed  a  tool  that  could  monitor  perform¬ 
ance  and  identify  problems  quickly  —  and  not  just 
the  problem,  but  what  the  user  was  doing  when  it 
occurred.  We  needed  to  put  the  problem  in  context.” 


"We  sell  our 
performance 
and  uptime.” 

SEAN  ERWIN,  VICE  PRESIDENT  OF  APPLICATION 
DEVELOPMENT,  EVOLUTION  BENEFITS 


Evolution  Benefits  turned  to  AVIcode’s  Intercept 
Studio, a  specialized  .Net  application-monitoring  tool. 
Intercept  Studio  agents,  installed  on  machines  run¬ 
ning  .Net  applications,  monitor  the  applications  for 
performance  degradations,  code  failures,  and  securi¬ 
ty  and  connectivity  problems.  AVIcode's  .Net 
Management  Pack  software  sends  exceptions  from 
Intercept  Studio  into  Evolution  Benefits’  Microsoft 
Operations  Manager  (MOM)  system.  From  MOM,  it 
gets  a  view  of  all  exceptions,  including  those  not  gen¬ 
erated  from  the  application,  Erwin  says.  It  receives 
alerts  through  MOM,  then  uses  AVIcode’s  Intercept 
SEViewer  to  work  the  issue  in  real  time,  he  adds. 

At  the  development  level,  Intercept  Studio  has 
reduced  operating  costs  asso¬ 
ciated  with  the  bug-fix  queue 
by  25%  to  30%,  Erwin  says.  In 
production, the  tool  points  out 
performance  issues  before  the 
application  becomes  unus¬ 
able,  resulting  in  100% 
uptime  since  deployment. 
“We  can  specify,  'If  this  part 
takes  more  than  two  millisec¬ 
onds,  then  notify  us,'"  says 
Aaron  Junod,the  senior  application  developer  who 
architected  the  Benny  Central  Web  services.  And 
the  monitoring  has  no  affect  on  the  back-end  infra¬ 
structure,  he  says. 


PHH  MORTGAGE 


Nixing  desktop  support  problems 

Employees  at  this  Mount  Laurel,  NJ.-based  mortgage  company 
often  regroup  and  move  from  one  work  location  to  another. 
Change  was  so  constant  during  the  3004  refinancing  boom  that 
two  dedicated,  full-time  desktop  support  staffers  were  needed  to  handle 
the  9.3  desktop  moves  and  1.3  adds  taking  place  on  an  average  day,  says  Pat 
Oelany,  manager  of  desktop  support.  Today,  desktop  moves  require  little  IT 
attention,  due  to  a  tech  refresh  project  and  a  rearchitected  client  environ¬ 
ment.  Using  the  standard  feature  set  in  the  Windows  XP  Sysprep  System 
tool,  all  system  applications  and  drivers  get  preloaded  into  a  single  master 
image.  IT  also  cloned  a  master  hard  drive,  and  now  PCs  are  ready  for  deploy¬ 
ment  as  needed.  When  a  user  logs  on  to  the  new  workstation,  previously 
existing  desktop  and  application  information  specific  to  that  user  profile  is 
installed.  The  10-minute  application  install  takes  place  in  the  background, 
vs.  the  45-minute  process  of  old  that  locked  up  the  system,  Oelany  says.  To 
date,  PHH  counts  7,300  PCs  as  part  of  this  $70,000  client  update  project, 
which  has  resulted  in  a  net  savings  of  $746,500  and  an  internal  rate  of 
return  of  388%  over  three  years  with  a  payback  period  of  1.3  years,  he 
reports. 


PRICELINE.COM 


Taking  off  with  automated  server  management 

With  $3,3  billion  in  gross  travel  bookings  for  3005,  Priceline.com 
handles  millions  of  page  views  and  tens  of  thousands  of  cus¬ 
tomer  purchases  each  day.  To  support  this  activity, 
Priceline.com  has  set  up  two  load-balanced  production  infrastructures, 
passing  traffic  among  thousands  of  Web  and  database  servers  at  three 
physical  sites.  The  company  is  well  recognized  for  its  site  uptime  because  of 
its  use  of  BladeLogic's  BladeLogic  Operations  Manager  server  management 
software  suite,  says  Ron  Rose,  CIO  at  the  Norwalk,  Conn.,  travel  giant.  The 
software  automates  server  provisioning,  updating,  patching  and  trou¬ 
bleshooting.  Among  benefits,  Rose  reports  rolling  back  changes  across  the 
server  infrastructure  in  10  minutes  and  a  60%  reduction  in  administrative 
work  related  to  configuration.  Priceline.com  continues  to  find  new  uses  for 
the  technology,  especially  within  acquired  companies,  he  adds. 


WILSON  G  COMPANY  ENGINEERS  AND  ARCHITECTS 


The  transparency  is  important,  he  notes,  because  Building  UU  UnbuildttblB  desktop  image 


traffic  is  growing  steadily  and  he  does  not  want  any 
drag  on  processing.  In  March,  for  example,  the  com¬ 
pany  handled  about  900,000  individual  Web  servic¬ 
es  calls,  a  30%  to  40%  jump  from  February  Through 
August,  the  company  has  seen  monthly  increases  of 
10%  to  20%,  he  adds. 

Evolution  Benefits  has  invested  less  than  $500,000 
in  this  piece  of  its  application  performance  strategy 
It  recouped  that  cost  in  the  first  six  months  follow¬ 
ing  deployment,  Erwin  says. 

Equally  as  important,  the  100%  uptime  has  result¬ 
ed  in  an  auto-substantiation  rate  of  more  than  80%, 
he  says. This  is  a  competitive  advantage,  Erwin  says. 
“This  gives  us  among  the  highest  substantiation 
rates  in  the  industry’® 


Ti 


•he  IT  staff  at  this  fast-growing  Albuquerque,  N.M.,  firm  was  up 
to  its  elbows  getting  desktops  ready  for  new  hires  and  main¬ 
taining  older  ones  that  employees  use  for  office,  geospatial  and 
computer-aided-design  applications,  In  February,  Network  Administrator 
Brett  Maltbie  and  his  team  invented  a  method  to  create  a  single  base 
image  that  loads  Microsoft  XP  Service  Pack  3  on  more  than  85  models  of 
workstations  from  eight  manufacturers  -  this  despite  Microsoft’s  claim 
that  most  hardware  abstraction  layers  (HAL)  require  their  own  image.  He 
created  the  ultra-flexible  image  using  Microsoft's  Sysprep,  Bart’s 
Preinstalled  Environment  PE  freeware  and  the  Notification  Server  and 
Rapid  Deploy  features  from  Altiris’  Client  Management  Suite.  “We  can 
take  our  image  and  convert  it  to  pretty  much  any  HAL  that  exists,”  he 
says.  “The  coolest  part  is  that ...  a  rebuild  takes  under  two  minutes  and 
used  to  take  two  hours.”  The  project  cost  a  mere  $3,000  and  saves 
$13,000  a  year,  Maltbie  estimates. 

A  NETW0RKW0RLD 


ENTERPRISE 

ALL-STAR 


All-Star  Wit  s  Wisdom  “By  preventing  common  l desktop 1  issues  and  providing  the  ability  to 
resolve  client  issues  remotely,  you  will  irive  down  your  ongoing  support  cost  and  reduce  your 

overall  cost  per  system.  PAT  DELANEY,  MANAGER  OF  DESKTOP  SUPPORT,  PHH  MORTGAGE 


See  Why  More  &  More  Businesses  are  Switching  to  D-Link 

"The  State  of  Louisiana  entrusts  us  with  sensitive  information . 
We  trust  D-Link®  NetDefend ™  and  switching  to  keep  our  data 
and  communications  secure. " 

-Collis  Temple,  CEO 
Harmony  Center,  Inc. 


Proven  Enterprise-Level  Networking  &  Security  is  Now  Within  Your  Reach 

Network  security  is  no  longer  a  luxury.  But  you  can’t  afford  to  have  your  security  solution  grind  your  productivity 
to  a  crawl,  either.  Harmony  Center,  Inc.  chose  D-Link  switching  and  security  solutions  to  get  both  protection  and 
speed  —  affordably. 


D-Link  provides  End-to-End  Solutions  for  Small  and  Medium  Business.  The  switches  that  make  up  your  network 
backbone,  advanced  firewalls  and  Virtual  Private  Networks  (VPN),  Network  Attached  Storage  (NAS),  business- 
class  wireless  —  D-Link  wants  to  be  your  IT  vendor  of  choice,  and  we  believe  we  have  earned  that  consideration, 
Our  products  match-up  feature  for  feature,  and  as  a  true  designer  and  manufacturer  we  are  in  direct  control  of 
both  quality  and  costs.  That  means  you  get  the  highest-quality  products  with  the  most  aggressive  pricing  in  the 
industry.  Connections  Made.  Money  Saved.  Period. 


Trust  the  Global  Leader  in  SMB  Connectivity 
END  TO  END  SOLUTIONS 

From  the  core,  to  the  edge,  to  wireless  switching:  0-Link  provides 
complete  end-to-end  networking  solutions  tor  your  business 


MARKET  LEADERSHIP 

Shipping  more  than  100,000  connections  a  day  worldwide, 
D-Link  is  the  market  share  leader  in  SMB  connectivity' 


ln0S3 


PRODUCT  EXCELLENCE 

Put  your  trust  in  a  true  designer  and  manufacturer  that’s  been 
delivering  excellence  in  engineering  for  two  decades 
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End-to-End 

Networking  Solutions  for 
Your  Growing  Business 


D-Link  celebrates  20  years  of 
networking  excellence.  Limited  time 
savings  on  over  300  products! 


Learn  more  at  www.dlink.com/at-work 
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Switching 
IP  Telephony 
Network  Storage 


^4/rPremier- 

(Wireless  } 


Q  NetDefend 


Market  Share  information  derived  from  In- Suit  f*2  2005  Wireless  I  AN  lijuipntew.  U  theme  t 1  AN  Switch  and  Broadband  Equipment  'Market  Share  Reports.  Prices  and  specifications  are  subject  to  change 
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utility  computing  pay 

By  virtualizing  its  Java  application  infrastructure, 

Wachovia  Bank  achieves  a  300%-plus  ROI.  Bv  >«u£  BBBr 


hile  others  talk 
about  how  utility 
computing  and  a 
services  orientation 
could  affect  IT  delivery 
Wachovia  Bank  is  a  liv¬ 
ing  demonstration. The  financial  services  giant,  which  con¬ 
trols  assets  of  about  $541  billion,  wins  membership  to  the 
2006  Enterprise  All-Star  Award  list  for  its  application  virtual¬ 
ization  project. 

Completed  in  May  this  is  the  latest  effort  in  an  ongoing  vir¬ 
tualization  strategy  says  Tony  Bishop,  senior  vice  president 
and  director  of  product  management  for  Wachovia,  in 
Charlotte,  N.C.  The  project  relies  on  DataSynapse’s 
FabricServer,  which  distances  Java  applications  from  appli¬ 
cation  servers  so  they  can  be  parceled  out  onto  any  avail¬ 
able  application  server  at  run-time. 

The  project  flowed  naturally  from  five  years  of  advanced 
network  work.  Wachovia  became  one  of  the  first  commer¬ 
cial  users  to  deploy  business  applications  on  a  grid  com¬ 
puting  architecture  with  the  implementation  of 
DataSynapse  GridServer  (and  consequently  became  one  of 
the  vendor’s  institutional  investors).  By  2005,  the  grid  had 
become  Wachovia’s  standard  application  server.  Today  it 
operates  on  3,000  dedicated  engines  with  an  additional 
5,000  CPUs  that  can  be  tapped  as  needed,  Bishop  says. 

All  this  is  the  basis  for  Wachovia’s  service-oriented  infra¬ 
structure  (SOI),  which  Bishop  likens  to  an  IT  utility.  For 
example,  when  a  trader  accesses  an  application,  the  SOI 
distributes,  brokers  and  manages  the  various  services 
involved  in  the  application,  ensuring  that  each  service 
meets  performance  and  business  objectives.  When  traders 
are  asking  to  price  deals, “you  want  to  give  a  higher-margin 
deal  better  service,”  Bishop  says.  “GridServer  and 
FabricServer  become  the  mechanisms  that  let  us  do  that 


ALAMANCE  REGIONAL  MEDICAL  CENTER 


across  distributed  and  transactional  applications.” 

In  all,  for  every  $1  invested  in  the  SOI,  Wachovia 
reports  a  $3  to  $4  return. 

All  virtual  layers 

The  FabricServer  deployment  was  a  significant 
step  in  the  evolution  of  Wachovia’s  SOI  because  it 
virtualizes  Wachovia’s  mission-critical  Java  2 
Platform  Enterprise  Edition  (J2EE)  applications.  At 
run-time,  FabricServer  distributes  an  application  to  an 
available  server.  FabricServer  handles  the  applica¬ 
tion’s  configuration  needs  and  eradicates  conflicts, 
even  if  two  or  more  applications  are  sharing  the  same 
server. 

Because  application  servers  can  be  better  utalized, 
fewer  are  needed. This  adds  up  to  significant  savings. 

While  the  bank  didn’t  perform  a  detailed  cost-savings 
analysis  (because  it  already  has  years  of  experience 
with  savings  achieved  from  virtualization),  Bishop  esti¬ 
mates  annual  savings  from  this  project  will  tally  near  the 
seven-digit  mark. This  from  reduced  hardware  and  mainte¬ 
nance  expenses.  Plus,  he  says  application  programming 
efficiency  is  up  by  30%,  application  performance  is  up  five¬ 
fold  and  throughput  is  50%  faster  since  FabricServer  was 
implemented. 

Grid  computing  and  a  virtualized  Java  application  envi¬ 
ronment  represent  only  a  portion  of  Wachovia’s  SOI,  how¬ 
ever.  The  bank  also  uses  VMware  for  servers  not  part  of  the 
FabricServer  project,  and  has  virtualized  its  data  layer,  rely¬ 
ing  on  Tangosol’s  Coherence  for  data  access  and 
Composite  Software’s  Composite  Information  Server  (CIS) 
to  virtualize  the  data-query  process. 

Coherence  gives  Wachovia’s  SOI  a  mechanism  to  track 
where  data  is  stored  so  J2EE  application  developers  do  not 
have  to  worry  about  specific  file  locations  when  writing 


"Everything  on  top  of  the 
network  -  even  the  network  - 
should  be  virtualized.” 

-TONY  BISHOP,  SENIOR  VICE  PRESIDENT  ANO 
DIRECTOR  OF  PRODUCT  MANAGEMENT,  WACHOVIA  BANK 


new  services.  CIS  virtualizes  the  query  itself,  draping  a  serv¬ 
ice  in  whatever  custom  application-interface  formatting  it 
needs  to  interact  with  other  applications.  “So  you  have  a 
data  query  that’s  virtual,  you  have  a  data-query  environ¬ 
ment  that’s  virtual  and  that  ties  right  in  with  our  processing 
virtualization  with  GridServer  and  FabricServer.  And 
VMware  partitions  and  makes  virtual  different  images  of 
the  operating  environment,”  Bishop  says. 

The  SOI  next  will  tie  into  a  virtualized  storage  infrastruc¬ 
ture  that  Wachovia  engineers  are  working  on  now,  he  says. 
He  sums  up  the  goal:“Everything  on  top  of  the  network  — 
even  the  network  —  should  be  virtualized.” 

The  people  part  Wachovia’s  advanced  network 
caused  a  massive  restructuring  of  its  II  department.  Read 
all  about  it  online.  [www.nwdocfinder.com/53BlJ. 

nww.coi 


4* Virtualization  eases  desktop  pains 

With  more  than  1,500  PCs  being  used  by  some  2,200  workers,  desktop  support  at  this 
Burlington,  N.C.,  medical  center  was  painful.  In  October  2005,  it  discovered  a  cure: 
application  virtualization  software  from  Softricity  (now  a  Microsoft  company).  The 
Softricity  Desktop  suite  lets  applications  run  in  virtual  containers  so  that  different  instances 
of  software  can  share  the  same  computer  without  conflict.  With  the  addition  of  Softricity 
ZeroTouch,  software  distribution  and  management  software  implemented  in  April  2006,  the 
medical  center  has  seen  impressive  gains.  It  cut  200  hours  of  IT  labor  a  year  by  eliminating 
application-conflict  testing,  reducing  average  time  to  deploy  a  new  desktop  application  from 
8?  to  8  hours  and  saving  about  $100,000  in  downtime  costs  associated  with  desktop  mainte¬ 
nance.  It  also  expects  to  save  $1.5  million  in  licensing  fees  over  three  years  through  better 
asset  management  and  maintenance. 

All-Star  WitS  Wisdom  “ Hooefullv, ,  when 


project!,  theyll  see  there’s  certainly 
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+A  virtual  drive 

This  Lafayette,  Ind„  company’s  three-year  project,  concluded  in  January,  has  become  a 
model  of  enterprise-scale  virtualization.  Using  VMware’s  ESX  Server,  VirtualCenter  and 
(/Motion  products,  Subaru  squeezed  its  data  center  to  15  physical  servers  (including 
three  multiprocessor  units)  supporting  60  virtual  servers .  It  also  has  added  a  1TB  IBM  Total 
Storage  DS4300  Fibre  Channel  storage-area  network  to  support  the  virtual  environment.  For 
2005,  downtime  had  been  whittled  away  to  less  than  three  hours,  with  VMware  directly  respon¬ 
sible  for  40%  of  failures  being  avoided,  estimates  Jamey  Vester,  a  production  control  IT  spe¬ 
cialist  for  the  company.  In  addition,  the  software  reduced  the  time  it  takes  to  provision  a  serv¬ 
er  from  weeks  -  or  even  months  -  to  a  couple  of  hours,  Vester  says.  The  project  was  affordable, 
costing  less  than  $150,000,  the  company  says,  and  it  paid  for  itself  twice  over  before  it  had 
been  completed.  * 
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we  fully,  when  people  look  at  this  [Linux  application  infrastructure 
here’s  certainly  a  benefit  to  betting  early.” -brad  benson,  cto,  taleo 
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TALEO 


Linux  does  the  job 


+  A  human  resources  firm  reaps  rewards  from  its  virtual¬ 
ized  Linux  application  infrastructure.  Bv  JULIe  BOBr 


he  surest  way  to 
beat  the  competi¬ 
tion  is  to  start  fast 
and  stay  ahead. 
That  strategy 
made  Taleo  a  2006  Enterprise  All- 
Star  Award  winner  for  the  virtual¬ 
ized  application  infrastructure  it 
completed  in  June  2005.  IT  execu¬ 
tives  at  the  San  Francisco  human 
resources  firm  bet  on  Linux 
(ditching  Unix)  when  they  were 
planning  the  new  system  in  2002. 
“At  the  time,  Linux  was  being 
looked  at  as  a  way  to  save  money 
at  the  Web  tier,  not  something  that 
you  would  run  mission-critical 
applications  on  across  all  tiers,” 
recalls  Brad  Benson,  CTO  at  Taleo. 

IT  executives  were  challenged 
to  find  ways  to  increase  business 
while  keeping  IT  costs  low  and 
performance  high.Taleo  offers  on- 
demand,  hosted  applications  for  a 
range  of  job  recruiting  needs.  Of 
its  roughly  500  employees,  nearly 
half  are  in  IT-related  roles. 

By  2004,  Taleo  had  rolled  out 
Linux  on  its  Web  and  application 
servers  and  in  2005  tackled  the 
difficult  database  layer.  The  data¬ 
base  project  centered  around 
FblyServe’s  Database  Utility  for 
Oracle,  which  clusters  databases 
on  low-cost  x86  servers  running 
Linux  and  a  storage-area  network 
(SAN). “PolyServe  helped  us  solve 
device-driver  issues  and  other 
roadblocks,”  Benson  says. 

The  team  deployed  multiple 
database  clusters  with  four  to  six 
servers  per  cluster.  And,  it  stan¬ 
dardized  on  HP  Proliant  blade 
servers  for  the  application  layer  — 
more  new  technology  of  the  day 
—  tapping  into  its  Fibre  Channel 
SAN.  The  result  was  a  state-of-the 
art  application  infrastructure  that 
can  scale  as  usage  demands, 
without  a  hiccup  in  performance. 
“In  this  shared  data  arrangement, 
the  services  of  any  server  can 
automatically  transition  to  any 
other  server  in  the  cluster  with  no 
loss  of  data  or  performance,” 
Benson  says.  “We  can  scale  data¬ 
base  server  performance  and 
capacity  by  adding  another  HP 
server  while  the  cluster  is  online.” 


Other  organizations  only  now 
are  deploying  enterprise-scale 
Linux  and  tinkering  with  applica¬ 


tion  virtualization  in  the  lab,  but 
Taleo  has  been  reaping  the 
rewards  of  its  virtualized  databas¬ 


es  for  more  than  a  year.  The  envi¬ 
ronment  has  boosted  hardware 
efficiency  with  each  server  now 


handling  25%  more  work,  and  it 
has  improved  reliability  by  one 
nine  to  99.9%,  Benson  says. 
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OPIMET  ACE  is  the  most  powerful 
solution  for  rapid  performance 
troubleshooting.  It  shows  you  exactly 
how  network,  system,  and  application 
behavior  affect  end-to-end 
performance.  With  ACE,  you  can 
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time  and  money  aren't  spent  in  the 
wrong  places. 
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The  Ultimate  Tape  Format. 


LTO  ULTRIUM  TECHNOLOGY  CAN  SIMPLIFY  YOUR  BACKUP,  ARCHIVE 
AND  COMPLIANCE  CONCERNS  WHILE  REDUCING  STORAGE  COSTS. 

Is  your  data  storage  on  a  continuous  spin  cycle?  The  3rd  generation  LTO  Ultrium  technology  provides 
800GB  tape  capacity*  and  up  to  576GB  per  hour  back-up  speed*  lowering  storage  costs  while  maximizing 
productivity.  Backward  read  and  write  capabilities  allow  for  simple  implementation  and  LTO  WORM 
capability  helps  address  compliance  requirements.  Get  the  best  technology  with  more  choices  and  more 
features  from  multiple  LTO  Ultrium  drive  and  cartridge  manufacturers  offering  competitive  pricing. 

Simplify  your  storage.  Visit  www.ultrium.com 

For  a  free  white  paper — “Is  tape  really  cheaper  than  disk?” —  go  to  www.ultrium.com/whitepaper 


*2: 1  compressed  data.  Linear  Tape-Open.  LTO,  the  LTO  logo,  Ultrium,  and  the  Ultrium  logo  are  trademarks  of  HP,  IBM  arid  Quantum  in  the  US  and  other  countries. 
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A  recipe  for  trust 


+  A  restaurant  chain  pioneers  the  use  of  the  TPM  security  chip  and 
saves  thousands  in  time  and  lost  data.  Bv  joanne  cu „Mi™es 


apa  Gino’s  and 
D’Angelo 
Sandwich 
Shops  now 
can  add  fast,  easy  bullet¬ 
proof  security  to  its  tradi¬ 
tional  menu  of  quick,  casual  food. 

The  Dedham,  Mass.-based  restaurant 
chain  is  pioneering  the  use  of  a  little- 
known  security  chip,  the  Trusted  Platform 
Module  (TPM),  that  comes  inside  every 
Dell  laptop  and  desktop  the  company 
buys.  Not  only  does  the  chip  generate  and 
store  encryption  keys,  helping  to  protect 
the  chain’s  business  data,  but  it  also  enables 
easy  finger-swipe  or  password-based 
authentication,  guarding  against  identity 
theft  for  its  employees  and  customers. 
When  used  with  Wave  Systems’  Embassy 
Trust  Suite  (ETS)  software,  the  chip  pro¬ 
vides  Papa  Gino’s  with  a  chain  of  trust,  from 
the  laptop  or  desktop,  all  the  way  to  the 
server  and  data  center. 

“And  it’s  so  easyf  says  Chris  Cahalin,  net¬ 
work  manager  at  the  chain.  He  is  amazed 
a  solution  that  is  so  easy  to  administer 
and  use  is  not  more  well  known  in  IT  cir¬ 
cles.  For  advancing  deployment  of  this 
elegant,  comprehensive  approach  to 
security,  Papa  Gino’s  earns  recognition  as 
a  2006  Enterprise  All-Star. 


Getting  to  know  the  TPM 

“Our  introduction  came  through  Dell,” 
Cahalin  says,  explaining  how  after  a  sales 
visit  from  the  PC  maker  in  March  2005,  he 
went  to  its  Web  site  to  learn  more. 
“Security  is  first  and  foremost  in  every¬ 
body’s  mind,  so  naturally  I  clicked  on  a 
link,  and  it  took  me  on  this  wonderful 
journey  of  Trusted  Platform  Modules.  As  I 
looked  at  it,  the  solution  just  made  more 
and  more  sense  to  me.  And  then  to  realize 
that  it’s  already  included  in  the  hardware 
we’re  buying  today  I  thought,  my  God,  why 
aren’t  we  using  this?” 

Today,  the  TPM  and  Wave  Systems’  ETS 
form  the  core  of  Papa  Gino’s  security  strat¬ 
egy  Cahalin  says. 

“Typically,  the  normal  laptop  considera¬ 
tions  are  antivirus  and  antispyware,”  he 
says.“Well  for  us,  the  first  consideration  is 
the  ETS  platform,  and  then  we  buy  the 
antivirus  and  antispyware.”  With  the  TPM- 
based  security,  Cahalin  and  his  team  are 
no  longer  chasing  down  lost  encryption 
keys  or  forgotten  passwords. 

Papa  Gino’s  is  moving  to  TPM-based 
machines  in  a  controlled  manner  as  it  pur¬ 
chases  laptops  and  desktops  through 
planned  upgrades,  which  cover  63%  of  its 
mobile  workforce.  The  software  has  cost 
$6,900  to  implement  so  far,  while  Papa 


Gino’s  has  seen  a  better  than  triple  ROI  of 
$22,400  in  the  first  year.  “That’s  in  support 
costs,  and  in  having  centralized  control 
over  the  encryption  methods  used,”  he  says. 

In  the  past,  Papa  Gino’s,  like  many  other 
companies,  had  a  hodgepodge  of  security 
schemes  in  place. 

“For  instance,  finance  was  implement¬ 
ing  ad  hoc  security  solutions,  where  it 
would  either  password-protect  files  or  use 
third-party  encryption.  But  then  it  would 
lose  the  keys,  and  it  was  a  mess,”  Cahalin 
says.  “We  had  to  bring  in  a  number  of 
temps  just  to  recreate  all  this  end-of-year 
work  very  quickly,  and  it  costs  us  tens  of 
thousands  of  dollars  to  do  that.  Now  we 
have  centralized  control  over  that  and 
can  avoid  those  kinds  of  instances  going 
forward.” 

How  it  works 

Users  no  longer  need  to  worry  about 
encryption  keys  or  long  passwords.  Before 
a  laptop  or  desktop  boots,  users  authenti¬ 
cate  to  the  network  via  a  finger-swipe. 
Those  “preboot”  credentials  are  sent  to  the 


back-end  Embassy  Authentication  Server, 
which  authenticates  the  users  to  the 
domain.  “The  data  on  the  laptop  hard 
drive  is  secure  all  the  time,  because  it 
requires  preboot  authentication,”  Cahalin 
says.“If  it’s  ever  lost  or  stolen,  we  have  this 
unprecedented  level  of  security’ 

And  swiping  a  finger  is  far  easier  than 
remembering  a  long,  complex  password  “I 
have  one  high-level  user  who  is  described 
by  my  LAN  admin  as  being  more  suited  to 
an  Etch-A-Sketch  than  a  laptop.  This  per¬ 
son  has  had  no  problem  at  all,”  Cahalin 
says.  “Everyone  loves  it  because  they  just 
run  their  finger  over  it,  boom,  they’re  in 
and  life  is  great.” 

If  a  laptop  is  lost  or  stolen  or  fails,  recov¬ 
ering  the  keys  is  a  snap,  he  says.  “If  you 
lose  a  TPM,  you  can  migrate  the  keys 
down  from  the  [Embassy  Key 
Management  Server]  to  any  TPM-enabled 
device,”  he  says.  “So  if  you  lose  a  laptop, 
you  don’t  lose  any  data,  because  it’s  all 
encrypted, and  you  have  the  key  securely 
backed  up  on  the  EKM  Server.  It’s  a  very 

Continued  on  page  80,  Security  on  page  78 


“It’s  so  eas 
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CHRIS  CAHALIN,  NETWORK  MANAGER,  SPEAKING 
OF  PAPA  GINO’S  USE  OF  CHIP-OASED  SECURITY 


All-Star  Wit  s  Wisdom  “The  staff  lorn  single  sign-on  -  and  now  wants  it  on  all  of  their  other 

[noncore]  applications.” -CHRIS  paidhrin,  cso,  southwest  WASHINGTON  medical  center 
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_DAY  45:  These  underutilized  storage  boxes  have  proliferated 
exponentially.  Their  inability  to  share  capacity  has 
doomed  us.  We’re  trapped  in  a  maze  of  our  own  creation. 

_DAY  47:  I  tried  to  give  Gil  a  boost  over  this  wall,  but 
he  pulled  a  hammie. 

_DAY  48:  I’ve  taken  back  control  with  IBM  System  Storage™ 
SAN  Volume  Controller.  It  puts  my  entire  storage  universe 
into  a  simple,  virtualized  pool.  And,  unlike  EMC,  IBM  has 
fourth-generation  virtualization  technology  and  over  2,000 
customers.  I  am  seeing  results. 

.Productivity  is  up.  Utilization  is  up.  I.T.  guys  lost  in 
mazes  of  data  is  down. 


IBM.COM/TAKEBACKCONTROL/STORAGE 
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Centralized  security  management 
heals  problems  and  saves  money. 


BY  JOANNE  CUMMINGS 

FirstHealth  of  the  Caroli- 

nas  believes  in  preven¬ 
tive  medicine,  an  atti¬ 
tude  that  extends  to  its 
corporate  network  health. 

In  a  little  more  than  a  year,  the  company 
went  from  a  reactive  security  posture  that 
relied  solely  on  antivirus,  firewalls  and  VPNs 
to  an  active  security  infrastructure  based 
on  state-of-the-art  tools  working  in  concert 
and  controlled  by  a  centralized  security- 
management  application.  For  this  aggres¬ 
sive  yet  studied  approach  to  security  — 
and  especially  its  management  — 
FirstHealth  earns  a  2006  Enterprise  All-Star 
Award.  Faced  with  an  increasing  number  of 
zero-day  attacks,  this  private,  not-for-profit 
healthcare  network  serving  15  counties  in 
the  mid-Carolinas  realized  its  old  security 
setup  wasn’t  working  anymore.  ‘Antivirus 
vendors  couldn’t  get  security  patches  out 
quick  enough.  Sometimes  attacks  were 
going  around  the  world  in  less  than 


two  hours,” says  Jonathan  Campbell,  techno¬ 
logy  director  at  FirstHealth, in  Pinehurst.N.C. 

With  new  Health  Insurance  Portability 
and  Accountability  Act  (HIPAA)  security 
requirements  mandating  the  confidentiali¬ 
ty,  integrity  and  availability  of  hospital  data, 
the  problem  became  clear.  “We  needed  a 
better  way?’  Campbell  says. 

In  January  2005,  the  group  decided  to 
implement  a  variety  of  tools  intended  to 
secure  the  network  from  host  to  perimeter. 
These  included  Cisco  host-based  intrusion- 
detection  and  -prevention  sensors,  as  well 
as  new  wireless  security  and  monitoring 
systems  and  Websense  for  Internet  filtering. 
The  key,  Campbell  says,  was  ensuring  that 
every  new  security  piece  could  be  man¬ 
aged  from  a  single,  centralized  application 
—  Network  Intelligence’s  Envision. 
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Proactive  by  design 

Envision  receives  and  correlates 
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alerts  on  such  issues  as  workstation  lock¬ 
outs,  network  configuration  changes  and 
firewall-  breach  attempts.  “We  wanted  to 
make  sure  we  correlated  everything  and 
got  the  right  information  to  the  right  peo¬ 
ple  —  and  that’s  where  Envision  comes 
in,”  Campbell  says.“We  can  see  it  all  from 
one  application,  and  we  can  push  out 
from  that  engine  correlated  alerts  via 
pages  and  e-mails.  And  now  we  can  react 
to  them  pretty  quickly” 

He  found  out  just  how  quickly  in  August 
2005,  when  the  security  project  was  half 
finished  and  the  Zotob  worm  took  aim  at 
the  FirstHealth  network.  While  such  a  sit¬ 
uation  previously  would  have  left  Camp¬ 
bell  dealing  with  network  outages,  this 
time  around  he  didn’t  have  to  do  any¬ 
thing.  The  Cisco  host-based  sensors 
blocked  the  worm  and  prevented  the  at¬ 
tack,  he  says. 

Integrating  wireless  security  informa¬ 
tion  from  Cisco’s  Access  Control  Servers 
and  Wireless  LAN  Solutions  Engine 
(WLSE)  also  has  been  essential, 
Campbell  says.  “Before  this  implementa¬ 
tion,  we  could  only  be  reactive  to  a  wire¬ 
less  security  breach,”  he  says.“Now  [with 
Envision]  we  can  actually  get  pages  on 
breach  attempts,  and  with  the  Location 
Manager  in  WLSE,  we  can  actually  view 
the  physical  location  of  the  breach.  We 
can  stop  breaches  before  they  occur 
instead  of  reacting  to  the  breaches  after 
they  occur.” 

Because  FirstHealth  mandated  new  se¬ 


curity  initiatives  that  can  be  managed 
centrally  and  cohesively,  the  healthcare 
group  no  longer  is  at  the  mercy  of  zero- 
day  attacks.  Although  the  cost  of  the  proj¬ 
ect  totaled  $240,000,  Campbell  figures 
that  in  the  first  year  the  company  will 
save  $250,000,  solely  from  reduced  net¬ 
work  downtime. 

“We  started  all  this  because  of  HIPAA, 
but  as  we  got  into  it  and  started  seeing 
things  happen,  we  actually  saw  a  bigger 
payback  than  what  we  were  originally 
thinking  [because  of  the  centralized  con¬ 
trol]  .The  security  components  act  as  one 
cohesive  unit,  not  a  large  number  of  indi¬ 
vidual  components,”  Campbell  says. 
“That’s  the  key”  • 

Continued  on  page  80 


“Before  this  implementation, 
we  could  only  be  reactive  to  a 
wireless  security  breach. 

m1.,.  WE  CAN  ACTUALLY 
GET  PAGES  ON  BREACH 
ATTEMPTS  ANB  VIEW... 
THE  PHYSICAL  LOCATION 

59 


-  JONATHAN  CAMPBELL,  TECHNOLOBY  BIRECTOR, 
FIRSTHEALTH  OF  THE  CAROLINAS 


NEWYORK-PRESBYTERIAN  HOSPITAL 


Mapping  application  dependencies 

redit  Suisse’s  14  global  points  of  presence  are  the  hub 
of  its  mission-critical  activities,  handling  all  of  the 
firm’s  file  transfer,  e-mail,  Web  browsing  and  e-com¬ 
merce  functions.  In  October  2004,  Colin  Constable,  director  of 
network  engineering  at  the  New  York  bank,  brought  in  start-up 
Skybox  Security’s  Skybox  Secure  application  to  take  daily  snap¬ 
shots  of  the  POPs’  security  status  and  the  numerous  servers 
and  applications  within  those  infrastructures.  Skybox  Secure 
identifies  every  network  device  and  its  application  dependen¬ 
cies  across  the  POPs,  providing  an  accurate  risk  profile  and  let¬ 
ting  the  security  team  see  and  mitigate  threats  quickly  and  effi¬ 
ciently.  Because  Skybox  Secure  is  automated,  the  bank  was  able 
to  turn  a  semiannual,  relatively  ineffective  and  resource-inten¬ 
sive  chore  into  a  repeatable,  scalable  and  timely  process  that 
delivers  quality  output  to  provide  a  daily  risk-based  view  of  the 
infrastructure  and  its  many  assets.  Having  spent  $700,000  to 
deploy  Skybox  Secure,  Credit  Suisse  realized  a  full  ROI  in  a  little 
more  than  a  year,  with  three-year  ROI  totaling  $2.1  million. 


+/I/I  educational  lockdown 

July  2003,  the  Harvard  Business  School  was  walk¬ 
ing  a  fine  line  between  security  and  the  need  to 
provide  an  open,  collaborative  educational  net¬ 
work  environment.  To  cut  vulnerabilities,  it  used  Racketeer’s 
PacketShaper  to  analyze  the  applications  being  used  at  Layer 
7  and  map  the  appropriate  services  to  its  firewall  ports.  It 
then  closed  every  unused  port.  Overnight  the  school  went 
from  supporting  a  wide-open  network  environment  to  one 
that  is  99.9%  locked  down  at  the  border  -  and  no  one 
noticed,  says  John  Arsneault,  director  of  network  operations 
at  the  Boston  school.  That  and  use  of  McAfee’s  E  Policy 
Orchestrator  let  the  school  eradicate  denial-of-service 
attacks,  virus  infections  and  systems  vulnerabilities,  while 
reducing  virtually  all  illegal  peer-to-peer  traffic  on  the  ISP 
connection.  In  three  years,  the  school  has  freed  up  staff  and 
stabilized  ISP  costs,  resulting  in  savings  of  $220,000  a  year. 


Diagnosing  true  network  threats 

While  NewYork  Presbyterian-Hospital  deployed 
strong  perimeter  security  to  protect  its  network 
from  outside  attacks,  it  still  had  a  large  number  of 
attacks  occurring  from  inside  the  network.  These  threatened 
not  only  the  network's  integrity  but  the  New  York  hospital’s 
confidential  digital  assets  and  patient  information  -  a  sce¬ 
nario  that  threatened  its  Health  Insurance  Portability  and 
Accountability  Act  compliance  initiatives.  In  November  2005, 
the  hospital  deployed  CounterStorm’s  CounterStorm-1  intru¬ 
sion-prevention  system  appliances  throughout  its  three-cam¬ 
pus  network  to  identify  true  threats  immediately  and  quar¬ 
antine  offending  net  devices  in  real  time.  The  result  was  not 
only  a  stronger  network  but  a  more  efficient  network  staff,  as 
the  devices  significantly  reduced  the  hours  needed  to  deal 
with  attacks,  viruses  and  unauthorized  access  to  the  net¬ 
work. 


All-star  Wit  s  Wisdom  u0ne  unexpected  bonus  was  our  obtaining  a  better  understanding  of...  the  applications 
l  tools]  different  departments . . .  depend  on.  This  knowledge  helps  our  relationships  ...and  allows  us  to  better 

serve  users  in  times  of  need."-J0HN  ARSNEAULT,  DIRECTOR  OF  NETWORK  OPERATIONS,  HARVARD  BUSINESS  SCHOOL 
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»  IP  security  requirements  grinding  your  branch  office  productivity  to  a  halt?  Juniper  makes  any  network 
better,  including  branch  office  networks.  Our  Secure  Services  Gateway  features  multi-layered  network- 
and  application-level  protection,  plus  enough  horsepower  to  ensure  your  security  solution  is  never  a 
LAN  or  WAN  bottleneck. 

Juniper’s  SSG  platform  is  an  innovative  powerhouse,  delivering  WAN  connectivity,  plus  the  muscle  to  protect 
your  high-speed  LAN  (competitive  products  slow  performance  dramatically  when  adding  security  features).  Find 
your  free  “Multimedia  Guide  to  Branch  Security,"  plus  demos,  white  papers  and  more  at  www.juniper.net/branch 
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Continued  from  page  75 

good  solution  for  us.” 

Encrypting  data  is  easy  and  well  integrated  with  popular  soft¬ 
ware,  such  as  Microsoft’s  Office  Suite,  Cahalin  says.  “When 
you’re  in  Word  or  Excel,  and  you’re  creating  a  document,  you 
have  new  icons  where  you  can  just  ‘save  and  encrypt  as,’  and 
that  document  will  then  be  encrypted  and  saved  in  a  secure 
vault,”  he  says. 

Even  systems  administrators  can’t  access  the  data.“It’s  unintel¬ 
ligible,  because  you  can’t  even  see  the  name  of  the  file,  and  you 
certainly  don’t  have  access  to  the  contents,”  he  says. 

The  security  scheme  also  circumvents  a  well-known  problem  in 
real-world  networking  —  that  of  the  novice  user  keeping  cheat 

sheets  of  passwords  and 
logon  information.  “Now 
that’s  solved,  because  peo¬ 
ple  simply  turn  on  their  lap¬ 
top  and  they  can  preboot 
authenticate  with  a  finger 
swipe,”  Cahalin  says.  “They 
then  open  up  a  vault  with 
another  swipe  of  their  fin¬ 
ger,  and  inside  that  vault 
are  all  the  documents  they 
need.  And  only  they  can 
see  them.” 

Watch  the  vendors 

Cahalin  has  one  caveat: 
Make  sure  your  TPM  ven¬ 
dor  uses  open  standards 
and  not  proprietary  en¬ 
cryption  and  authorization 
methods.  When  he  first  discovered  the  TPM  technology  on  the 
Dell  site,  he  decided  to  investigate  what  HP  and  Lenovo  were 
offering  in  the  same  area. 

“HP  didn’t  have  a  solution  that  year,  even  through  March  2006,” 
he  says.“And  the  kicker  is  that  when  it  finally  does  work,  it’s  only 
going  to  work  with  HP  equipment,  which  is  bizarre.” 

Plus  the  HP  and  Lenovo  iterations  were  far  more  limited  in 
scope.  “Both  HP  Protect  Tools  and  [Lenovo]  ThinkVantage  limit 
where  you  can  encrypt  your  data,  so  with  HP  you  get  this  thing 
called  the  personal  secure  drive,  with  1GB  of  local  space  to 
encrypt  your  data.  It  can’t  grow  in  size,  and  you  can’t  put  it  any¬ 
where  else,” Cahalin  says.“With  Dell  and  Embassy,!  can  create  the 
secure  vault  locally,  on  the  network,  on  removable  media  or  wher¬ 
ever  1  want  —  and  it’s  unlimited  in  size.  It’s  a  difference  you  need 
to  be  aware  of.” 

Security  doesn’t  need  to  be  hard  to  be  good 

The  upshot  is  that  Papa  Gino’s  now  has  strong,  bulletproof  secu¬ 
rity  from  the  desktop  to  the  server  that  is  much  easier  to  use  and 
implement  than  any  other  security  technology  tried  in  the  past. 

“It’s  like  a  hidden  gem,”  Cahalin  says.“Feople  think  you’re  going  to 
add  complexity  because  it’s  more  secure  —  it’s  got  to  be  more  dif¬ 
ficult,  right?  Well,  no.  Actually  it’s  just  the  opposite.  It’s  such  a  well- 
thought-out,  elegant  solution  that  we  can’t  push  it  out  fast  enough.” 

Cummings  is  a  freelance  writer  in  North  Andover,  Mass.  She  can 
be  reached  at  jocumrnings@comcast.net. 
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Pruning  inside  security  threats 

Faced  with  dramatic  growth  and  multiple  acquisitions,  including  such  big-name  brands  as  The  WineTasting 
Network,  The  Popcorn  Factory  and  Plow  8  Hearth,  1-800-flowers.com  needed  an  active  way  to  secure  not  only 
its  known  network,  but  also  its  newly  acquired,  and  sometimes  unknown,  network  assets.  Instead  of  rely¬ 
ing  on  the  traditional  firewalls  and  intrusion-detection  systems,  l-80Q-flowers.com  CIO  Enzo  Mieali  in  early  2006 
implemented  Security  monitoring  appliances  on  the  internal  networks.  Security  provides  real-time  visibility  into  net¬ 
work  Layers  3  to  4  and  7,  and  enforces  policy-driven  controls  on  network  behavior.  By  enabling  1-800-flowers.com,  in 
Carle  Place,  N.Y.,  to  understand  what  each  user  group  was  doing  in  real  time  on  the  network,  Security  paid  for  itself  in 
the  first  year  and  helped  the  company  prevent  insider  misuse  and  targeted  attacks,  letting  it  protect  its  assets  and 
its  reputation  among  its  customers. 
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+/I  studied  approach  to  mitigating  risk 

ike  many  universities,  this  Boone,  N.C.,  school  faced  security  challenges  inherent  in  providing  an  open  network 
while  mitigating  security  risks.  A  $3.5  million  network  upgrade  to  implement  policy-driven  switching,  using 
Enterasys  Networks'  Distributed  Forwarding  Engine  Switching  architecture,  Netsight  Console  and  Policy 
Manager  software,  has  let  the  school  quickly  pinpoint  and  alleviate  malicious  network  attacks.  Using  this  policy-driven 
approach,  the  new  network  let  the  school  this  year  register  its  more  than  6.000  students  in  three  days,  without  the  usual 
hassles  of  worms  and  viruses.  Plus,  the  project  has  saved  countless  hours  troubleshooting  and  stabilizing  the  network, 
says  David  Hayler,  network  specialist  with  the  university.  "If  we  see  a  problem  with  malicious  traffic,  we  just  write  a  poli¬ 
cy  and  push  it  to  the  edge,  and  even  if  it  is  just  an  individual  or  two,  we  can  quarantine  them  with  just  a  few  clicks  of  a 
mouse,"  he  says. 
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Lifting  remote 
security  sky  high 

+  An  airline  lands  hefty  savings  from  a  centralized 
interface  for  its  varied  remote-access  methods. 

BY  JOANNE  CUMMINGS 

Continental  Airlines,  in  the  air  as  well  as  in  the  corporate  network,  knows  the  importance 
of  balancing  security  with  convenience  and  low  cost. That’s  why  it  flew  at  the  chance  to 
implement  a  new  remote-access  security  scheme  that  provides  all  three  in  one  neat  pack¬ 
age,  earning  recognition  as  a  2006  Enterprise  All-Star  winner  in  the  process. 

With  more  Continental  employees  working  remotely  and  using  more  varied  methods  of 
access  —  from  dial-up  to  broadband  to  wireless  —  keeping  a  handle  on  access  costs  while  ensuring  secu¬ 
rity  was  becoming  increasingly  difficult.  Employees  working  from  home  or  remote  offices  were  confused 
about  the  best  way  to  get  access,  and  many  were  inadvertently  circumventing  corporate  security  in  their 
efforts  to  log  on  quickly  and  get  the  job  done. 

“People  had  so  many  icons  on  their  desktops  they  didn’t  know  which  one  to  use,” says  Stacey  Thomas, sen¬ 
ior  manager  of  telecommunications  technology  at  the  Houston-based  airline.  “They  would  have  one  for 
domestic,  one  for  international,  dial-up,  broadband,  wireless.  With  four  or  five  choices,  it  got  confusing.” 

In  May  2004,  the  airline  decided  to  implement  Fiberlink  Communications’  Extend360  secure  access  soft¬ 
ware  to  ease  remote  access,  while  ensuring  security  and  cost  containment.  Extend360  lets  Continental  build 
access  policies  and  then  lets  employees  use  a  single  interface,  or  icon,  for  remote  connectivity  —  no  matter 


where  or  how  they  connect. 
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All-Star  Wit  S  Wisdom  “We  wanted  to  know  who  had  access  to  what  on  the 
network  and  what  exactly  were  they  doing.”- enzo  micali,  cio,  i-8oo-flowers.com 


With  the  ScanSafe  Web  security  team  on  your  side,  you’ll  have  an  unfair  advantage  in  the  fight  against  spyware,  viruses,  phishing 
and  other  Web-based  threats.  Blocking  malware  and  unwanted  content  before  they  reach  your  network,  our  managed  services 
eliminate  the  burden  of  managing,  maintaining  and  updating  your  in-house  security  infrastructure,  freeing  you  to  focus  on  business 
critical  IT  projects. 

Our  support  team  and  threat  experts  are  available  around-the-clock,  protecting  your  network  from  the  latest  outbreaks.  All  our 
services  are  backed  by  SLAs  that  guarantee  pure,  safe  Internet  content  at  up  to  a  40%  lower  cost  of  ownership  than  hardware 
solutions.  Let  our  managed  services  be  your  instant  Web  security  team,  helping  you  turn  the  tables  on  Web  threats  you  face  today 
and  the  new  malware  threats  of  tomorrow. 

ScanSafe 

Your  Web  Security  Team 


To  learn  more  call  1-866-4-PORT-80 
Or  visit  www.scansafe.com 
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Extend360  supports  broadband,  dial-up,  wide-area  wireless  (Code 
Division  Multiple  Access),  Wi-Fi  and  hotel  broadband.  Via  the  policies, 
Continental  can  make  sure  remote  employees  use  the  most  cost-efficient 
access  methods  available  to  them, as  well.  In  addition,  the  software  ensures 
that  remote  clients  meet  Continental’s  security  policies  in  terms  of  up-to- 
date  antivirus  software,  personal  firewalls  and  other  security  measures. 

Fiberlink’s  Endpoint  Vulnerability  Management  feature  is  key,  Thomas 
says.  “We  use  it  to  make  sure  the  remote  user  has  the  right  SSL  VPN  client 
installed,  and  the  latest  software  patches,  antivirus  and  so  on.  We  can  push 
that  right  out  to  them  now,  and  I  know  we’ve  avoided  a  lot  of  headaches 
from  viruses  and  downtime  that  way” 

The  greatest  savings  have  come  from  access  costs,  Thomas  says.  Before 
implementing  the  Fiberlink  software,  the  company  had  no  clear  idea  who  its 
users  were  or  where  they  were  accessing  from,  which  made  it  extremely  dif¬ 
ficult  to  manage  the  extended  enterprise. 

Previously,  Continental  didn’t  have  a  way  to  give  users  unique  personal 
identifiers  or  distinguish  between  business  and  personal  use, Thomas  says. 
As  a  result,  she  adds,  Continental  was  funding  a  lot  of  personal  use. “With 
Fiberlink,  we  can  manage  the  process  of  individual  cost  centers,  monitor 
remote-access  cost  trends  and  analyze  charges  to  see  if  certain  users 
should  be  reassigned  to  more  optimal  billing  plans,” she  says. 

Continental  immediately  saw  a  20%  cost  savings,  with  Thomas  reporting 
a  one-year  ROl  of  $1.2  million. The  three-year  ROl  should  hit  $3.6  million, 

she  says. 

“The  savings  are  phe¬ 
nomenal,  but  the  biggest 
thing  here  is  the  control 
you  get,”  Thomas  says. 
“The  reporting  right  to 
my  desktop,  as  well  as 
the  management  and 
control  over  the  whole 
issue  of  remote  access. 
It’s  something  we  never 
had  before.  We  had  no 
visibility.  This  is  a  huge 
improvement.”  0 


“...I know  we’ve  avoided 
a  lot  of  headaches  from 
■es  and  downtime. 
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-  STACEY  THOMAS,  SENIOR  MANAGER  OF  TELECOMMUNICATIONS  TECHNOLOGY, 
CONTINENTAL  AIRLINES 
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OCHSNER  HEALTH  SYSTEM 


Examining  databases  for  security  faults 

Faced  with  securing  and  auditing  its  distributed  databases  across  its  varied  locations,  New  Orleans- 
based  Ochsner  Health  System  needed  a  technology  that  was  not  only  bulletproof  but  automated, 
says  Mark  Maher,  information  security  administrator  for  the  hospital.  The  healthcare  group 
became  one  of  the  earliest  adopters  of  Application  Security’s  AppDetective  vulnerability  assessment 
scanner,  investing  $10,000  in  the  software  and  reaping  immediate  benefits.  It  not  only  provided  unprece¬ 
dented  capabilities  in  performing  penetration  testing  and  identifying  weak  passwords  in  Ochsner’s  data¬ 
bases,  but  also  discovered  and  secured  databases  that  the  group  didn't  know  existed.  Database  audits 
that  previously  took  weeks  were  whittled  down  to  an  hour,  without  compromising  network  or  database 
availability  or  performance.  The  hospital  gained  the  added  benefit  of  increased  protection  of  sensitive 
patient  information,  ensuring  compliance  with  Health  Insurance  Portability  and  Accountability  Act  regu¬ 
lations  and  saving  at  least  $17,000  in  audit  costs. 
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Investing  in  data  loss  prevention 

his  Newark,  N.J.,  financial  services  firm  needed  a  way  to  make  sure  its  employees,  who  often  han¬ 
dle  such  sensitive  information  as  customer  names,  Social  Security  numbers  and  addresses,  were 
operating  within  the  firm's  strict  security  policies.  In  January  2005,  Prudential  deployed  Vontu’s 
Discover,  Monitor  and  Protect  data  loss  prevention  tools  across  its  M  business  units.  Vontu  lets  the  firm  gain 
immediate  visibility  into  the  types  of  information  traversing  and  leaving  the  corporate  network,  letting  IT  pin¬ 
point  and  stop  data  loss  events,  says  Pete  Kuzmiskas,  senior  systems  specialist  at  Prudential.  Before  Vontu, 
incident  identification  and  remediation  relied  solely  on  employees’  active  participation  in  policy  adherence. 
With  the  Vontu  automated  monitoring  tools  in  place,  users  and  management  can  identify  oversights  in  han¬ 
dling  data,  even  when  users  do  not  realize  they  are  acting  outside  company  procedure.  As  a  result,  Prudential 
has  cut  the  number  of  data  loss  incidents  by  90%,  saving  millions  of  dollars  in  remediation,  litigation  and  cor¬ 
porate  reputation. 
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+Single  Sign-On  -  a  medical  center’s  orders 

his  Vancouver,  Wash.,  medical  center’s  highly  mobile  acute-care  staff  increasingly  needed  access  to 
a  variety  of  secure  applications  from  shared  workstations.  Strict  adherence  to  the  Health  Insurance 
Portability  and  Accountability  Act  [HIPAA3  and  other  compliance  regulations,  however,  stipulated 
long,  complicated  passwords  each  time  a  user  logged  on  to  a  new  workstation,  resulting  in  harried  staff  and 
impacted  patient  care.  Last  January,  Chris  Paidhrin,  SWMC’s  CS0,  invested  $100,000  to  deploy  Imprivata's 
OneSign  ESSO  appliance  to  alleviate  the  problem.  OneSign  ESSO  creates  a  consistent  user  interface,  as  weli  as 
secure  policy  management  and  a  single  authentication  store  for  HIPAA  and  other  user  ID  and  access  control 
needs.  As  part  of  the  plan,  SWMC  added  biometric  readers  on  machines  in  the  emergency  department,  letting 
staffers  use  their  fingerprints  to  authenticate  to  the  network  and  access  applications  and  information. 
Paidhrin  says  in  one  year  the  project  will  have  paid  for  itself.  Not  only  has  the  single  sign-on  initiative  saved 
time,  but  it  has  increased  staffer  satisfaction  and  the  overall  quality  of  patient  care,  he  says. 


THE  UNIVERSITY  AT  BUFFALO  HEALTH  SCIENCES 


*An  agent-based  prescription  for  network  health 

This  Buffalo,  N.Y.,  university  was  in  a  unique  position:  It  had  to  ensure  security  and  Health 
Insurance  Portability  and  Accountability  Act  compliance  for  its  users  and  data  scattered 
across  50  independent  clinical  sites  and  five  hospital  systems  -  without  interfering  with  the 
overall  networks,  which  were  run  by  the  clinics  and  hospitals,  not  the  school.  Last  January,  it  imple¬ 
mented  Elemental  Security's  agent-based  Elemental  Security  Platform  (ESP)  2.0  across  its  user  base  and 
quickly  reaped  benefits,  says  Brian  Murphy,  director  of  health  science  IT  at  the  school.  ESP  lets  the 
school  inventory  its  assets  and  control  their  behavior  based  on  predefined  security  policies.  Plus,  the 
tool’s  dynamic  grouping  lets  IT  automate  a  systemwide  network  quarantine  to  remove  threats  and  in 
some  cases,  remedy  problems  on  the  desktop.  With  an  initial  investment  of  $250,000  in  the  tool,  the 
school  expects  to  reap  a  $20,000  R0I  in  the  first  year,  Murphy  says. 


All-Star  Wit  B  Wisdom  “Our  Oracle  databases  obviously  contain  important  information  of  a 
private  nature.  ...We  needed  a  tool  to  actively  assess  our  Oracle  environment  and  secure  it 
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necessary.”  -MARK  MAHER,  information  security  administrator,  ochsner  health  system 
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Eliminate  application  delays  with  the  market  leader. 

With  Racketeer®  WAN  optimization  appliances,  your  business-critical  applications 
are  always  cleared  for  take-off.  They  give  you  monitoring,  control,  acceleration,  and 
management  all  in  one,  convenient  appliance.  What's  more,  you  can  control  recreational 
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access  to  business-critical  applications  and  happier  branch  office  users. 
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red  to  heal 


\  +  Wireless  IP-based  telemedicine  helps  a 
treatment  provider  halve  wound-healing  time. 

BY  PAUL  KORZENIOWSKI 


pecialization  is 
a  growing  trend 
in  the  health¬ 
care  industry,  as 
is  the  use  of 
ever-more- 
sophisticated  telemedicine  applications. 
Six-year-old  Wound  Technology  Networks 
has  built  a  business  taking  advantage  of 
both. 

Through  the  use  of  Web  conferencing 
and  call  center  applications,  which  WTN 
medical  professionals  access  via  Verizon’s 
wireless  IP  network,  healthcare  providers 
can  cut  their  operating  costs  while  improv¬ 
ing  the  care  of  wounds.  “The  treatment  of 
wounds  has  never  been  very  efficient,  and 
our  system  makes  it  more  consistent  and 
more  effective,”  says  George  Pollack,  chief 
operating  and  technology  officer  at  this 
specialty  medical  practice  based  in 
Hollywood,  Fla. 

WTN  earns  distinction  as  a  2006 
Enterprise  All-Star  for  its  novel  use  of 
telemedicine  applications  and  wireless 
technology,  as  well  as  for  creating  this 
mobility-enabled  business.  By  providing 
consistent  clinical  care  via  its  network, 
WTN  has  reduced  the  typical  patient-heal¬ 
ing  time  by  50%, cut  down  on  patient  read¬ 
missions  by  95%  and  successfully  treats 
patients  91%  of  the  time,  says  Pollack,  who 


KANSAS  CITY  POWER  S  LIGHT 


is  a  doctor-turned-IT  specialist. 

The  business  of  healing  wounds 

Everyday,  millions  of  individuals  fall, 
become  diabetic  and  develop  problems 
with  their  veins.  The  result  is  a  bevy  of 
wounds  requiring  stitches,  short-term  care 
or  long-term  treatment.  Administering  to 
such  wounds  is  a  time-consuming  and 
costly  process  for  healthcare  providers: 
U.S.  providers  spend  $20  billion  to  $25  bil¬ 
lion  per  year  treating  chronic  wounds,  and 
that  number  has  been  rising,  according  to 
Lisa  Gould,  a  professor  at  the  University  of 
Texas  Medical  Branch. 

Treating  a  simple  cut  is  fairly  easy  but 
providing  services  for  a  complex  wound 
or  someone  with  diabetes  can  be  difficult 
and  expensive  —  a  problem  that  is  expect¬ 
ed  to  become  worse.  “As  the  population 
ages,  the  number  of  patients  requiring 
wound  treatments  is  increasing  signifi¬ 
cantly  says  Jeffrey  Galitz,  CEO  and  chief 
medical  officer  at  WTN. 

Often,  generalists  who  work  at  emer¬ 
gency  rooms,  clinics  or  doctors’  offices 
end  up  treating  such  wounds. 
Consequently,  the  effectiveness  of  treat¬ 
ment  has  been  scattershot:  Patients  often 
take  longer  to  heal  than  necessary,  and 
some  develop  other  problems,  such  as 
infections. 
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For  more  effective  treatment,  WTN  deliv¬ 
ers  more  support  materials  to  its  doctors, 
nurse  practitioners  and  nurses  than  those 
typically  available  when  treating  a  wound. 
As  the  WTN  specialists  provide  care,  they 
can  tap  into  a  corporate  Web  server  for 
help  identifying  the  type  of  wound,  the 
proper  treatment,  the  correct  way  to 
administer  that  treatment,  descriptions  of 
the  healing  process,  best  practices  and  the 
like,  Pollack  says. 

WTN  says  it  has  developed  the  world’s 
largest  wound-care  database.  It  contains 
75  data  points  on  200,000  treatment  types, 
WTN  says.  Healthcare  product  suppliers 
Johnson  &  Johnson  and  3M,  for  example, 
provide  step-by-step  directions  for  how  to 
apply  a  new  dressing,  thus  increasing  the 
likelihood  that  WTN  specialists  will  use 
their  products  properly.  “Healthcare  prod¬ 


ucts  have  become  more  complex  —  some 
dressings  stay  on  for  weeks  rather  than 
days  —  so  more  care  is  needed  when  they 
are  applied ’’Pollack  notes. 

Network-based  consultations 

In  addition, WTN’s  41  healthcare  providers 
consult  with  one  another  via  voice  or  mul¬ 
timedia  Web  conferences.  During  each  pro¬ 
cedure,  they  can  connect  to  the  company’s 
call  center  and  talk  to  fellow  healthcare 
practitioners  about  each  patient’s  diagnosis 
and  treatment.  For  instance,  the  group  can 
examine  a  snapshot  of  a  wound  and  deter¬ 
mine  the  most  effective  treatment.  A  half 
dozen  or  so  medical  professionals  staff  the 
call  center,  Pollack  says. 

To  support  these  conferences,  WTN  built 
a  sophisticated  network  using  Polycom’s 
PathNavigator  call-processing  server,  PVX 
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VASSAR  BROTHERS  MEDICAL  CENTER 

Broadband  microwave  brightens  the  outlook 

acing  application-performance  issues,  the  IT  team  at  this  Kansas  City,  Mo.,  utility  knew 
it  needed  to  address  bottlenecks  created  by  the  aging  6GHz  licensed  digital  microwave 
network  connecting  power  plants,  substations  and  corporate  locations.  It  found  the 
answer  in  a  specialty  broadband  wireless  system  from  Orthogon  Systems  (now  Motorola).  The  0S- 
Spectre  Ethernet  bridge  provides  point-to-point  connectivity  in  near-  or  non-line-of-sight  environ¬ 
ments.  For  Kansas  City  Power  &  Light,  the  microwave  system  has  boosted  throughput  from  1.5M  to 
100Mbps,  enabling  the  utility  to  support  new  business-critical  applications,  such  as  Internet 
access,  multimedia  and  VoIP.  Since  the  project  was  completed  in  May,  managers  report  more  time¬ 
ly  access  to  reporting  data  and  business  units  are  developing  new  applications  that  would  not  run 
efficiently  on  the  old  network.  The  utility  invested  $950,000  in  the  broadband  wireless  system. 


+New  wireless  infrastructure  eases  communications  pains 

Employees  at  Vassar  Brothers  Medical  Center,  in  Poughkeepsie,  N.Y.,  had  been  spending  a 
lot  of  time  trying  to  connect  with  one  another  as  they  roamed  hospital  floors.  With  the 
implementation  of  InnerWireless'  Medical-grade  Wireless  Utility,  hospital  personnel  can 
connect  with  one  another  instantly.  The  new  wireless  infrastructure,  built  on  a  broadband  antenna 
system  that  carries  radio  frequency  signals,  accommodates  a  broad  range  of  wireless  services 
including  two-way  radio,  paging,  cellular  and  wireless  LAN.  At  Vassar  Brothers,  the  $3.2  million 
upgrade  has  significantly  improved  employee  productivity,  among  other  benefits.  For  example,  the 
medical  center  reports  reducing  the  amount  of  time  spent  trying  to  find  the  right  staff  members  by 
85  minutes  per  nurse  per  shift,  as  they  no  longer  need  to  sit  by  the  nursing  station  waiting  on  physi¬ 
cians  to  return  calls  or  to  answer  the  nurse-call  system. 
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mi  star  Wit  S  Wisdom  “ Since  caregivers  are  now  able  to  communicate  in  real  time,  the  hospital  has  been  able  to 
avert  more  than  150  problems  sucn  as  giving  patients  the  wrong  medication  -  a  few  of  which  could  have  had  life- 

threatening  consequences.” -NICHOLAS  CHRISTIANO,  CIO,  VASSAR  BROTHERS  MEDICAL  CENTER 
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videoconferencing  software  and 
Logitech  Web  cameras.  As  of 
spring  2005,  calls  are  carried  over 
Verizon’s  third-generation, 
Enhanced  Data  GSM  Environ¬ 
ment-based  wireless  IP  network. 
Previously  WTN  used  Cingular’s 
Code  Division  Multiple  Access- 
based  cellular  data  service,  hav¬ 
ing  earlier  upgraded  from  the  tra¬ 
ditional  telemedicine  service, 
ISDN,  to  achieve  ubiquitous  cov¬ 
erage.  In  its  $170,000  migration  to 
the  Verizon  wireless  IP  net,  WTN 
tripled  available  bandwidth  to  a 
speed  of  384Kbps. 

For  security  and  to  be  in  com¬ 
pliance,  WTN  uses  SonicWall’s 
Pro  5060  firewall/VPN  appliance 
and  NetMotion  Wireless’  Mobility 
XE  mobile  VPN  server. 

Proven  effectiveness 

Another  plus  of  WTN’s  network- 
based  approach:  Treatment  data 
is  entered  by  call  center  person¬ 
nel  who  record  the  steps  taken. 
“One  of  the  problems  doctors 
face  is  they  are  now  forced  to 
spend  a  lot  of  time  filling  out 
paperwork,  and  that  cuts  into  the 
time  they  can  spend  interacting 
with  patients,”  Pollack  says.  “Be¬ 
cause  our  system  relieves  doc¬ 
tors  of  many  of  those  responsibil¬ 
ities,  they  can  treat  more 
patients.” 

Further,  wounds  can  be  treated 
in  more  locations.  Wound 
patients  can  receive  treatment  at 
WTN  clinics  or  their  own  homes, 
assisted-living  facilities  or  at 
physicians’  offices. 

In  addition  to  clearing  technical 
hurdles, WTN  faced  business  chal¬ 
lenges,  such  as  getting  healthcare 
insurers  to  recognize  its  work,  as  it 
has  built  up  its  business.  Insurers 
such  as  Humana  Health  Care, 
Medicare,  Medicaid  and  United 
Health  Care  will  pay  for  patients 
that  the  company  treats.  And  no 
wonder  —  because  patients  heal 
more  quickly,  insurance  compa¬ 
nies  benefit:  They  saved  as  much 
as  85%  on  their  wound  treatment 
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bills,  WTN  reports. 

WTN  is  now  stretching  its 
reach.  “Recently,  we  expanded 
our  business,  so  we  are  working 
with  healthcare  providers  in 
California  and  Nevada  as  well  as 
Florida,”  Pollack  says.  The  compa¬ 


ny  operates  nine  clinics  in 
Florida,  two  in  Las  Vegas  and  two 
in  California,  and  supplements 
those  offices  with  mobile  health¬ 
care  professionals. 

WTN  expects  its  work  to  serve 
as  a  model  for  other  healthcare 


providers.  “To  date,  telemedicine 
applications  have  focused  on 
serving  rural  areas,  providing  a 
doctor  to  someone  in  Montana,” 
Pollack  says.  “We  think  the  poten¬ 
tial  benefits  are  just  as  significant, 
perhaps  even  more  significant,  in 


densely  populated  urban  areas.” 

Korzeniowski  is  a  freelance 
writer  in  Sudbury,  Mass.,  who  spe¬ 
cializes  in  technology  issues. 
He  can  be  reached  at  paulkor 
zen@aol.com. 


Move  up  to  Belden’s 
NEW  blanket-coverage 
wireless  technology, 
offering  seamless  mobility 
and  freedom  from 
RF  complexities. 


To  be  effective  in  today’s  business  climate, 
people  have  to  be  connected,  not  only  when 
they  are  at  their  desks  but,  more  importantly, 
when  they  are  on  the  move.  Information 
access  can  no  longer  be  limited  to  a  single 
time  or  place. 

Introducing  the  Belden  Wireless  Solution! 
Overcoming  the  deployment,  performance  and 
management  limitations  of  cell-based  wireless 
LAN  technology,  Belden’s  solution  eliminates 
RF-related  complexities  by  utilizing  channel- 
blanket  topology,  in  which  every  radio  channel 
is  present  at  every  access  point  -  creating 
blankets  of  continuous  wireless  coverage. 

The  result?  No  roaming  latency  or  co-channel 
interference.  Just  seamless  mobility. 

The  Belden  Wireless  Solution  provides  for 
the  coexistence  of  all  types  of  users,  devices 
and  traffic  -  enabling  data,  video  and  voice 
(VoWLAN)  applications  in  wide-reaching 
WLAN  deployments. 


The  Belden  Wireless  Solution  delivers  the 
upward  mobility  of  a  WLAN  while  maintaining 
the  simplicity  of  a  conventional  hard-wired  LAN. 


BELDEN 

SENDING  ALL  THE  RIGHT  SIGNALS 


©2006,  Belden  Inc. 


For  more  information,  call  Belden 

at  1.800.BELDEN.1 
Or,  visit  us  online  at 

www.belden.com 


hris  Finucane  recently  received 
an  unsolicited  e-mail  from  a 
user  who  wanted  to  know  why 
his  files  were  suddenly  flying 
v:‘  over  the  WAN.  The  question  — 
which  came  from  someone 
who  often  complained  about  network  sluggishness  —  sur¬ 
prised  Finucane.“lf  users  notice  the  difference  without  you 
asking,  you  know  you  have  something  good,”  says 
Finucane,  who  is  CTO  in  the  Office  of  Inspector  General  for 
the  U.S.  Department  of  Health  and  Human  Services. 

In  this  case,  that  something  is  WAN  optimization,  an 
advanced  technology  for  improving  application  perform¬ 
ance  over  the  wide  area.  A  year  ago,  IT  began  deploying 
Riverbed  Technology’s  Steelhead  appliances  in  its  85  field 
and  10  regional  offices,  including  its  Washington,  D.C., 
headquarters.  In  the  process,  IT  has  opened  the  floodgates 
for  wide-area  data  transfers  and  positioned  the  01G  to  han¬ 
dle  bigger  and  more  info-intensive  projects.  For  these  rea¬ 
sons,  the  HHS  OIG  is  a  2006  Enterprise  All-Star. 


In  search  of  better  WAN  performance 

Finucane  hadn’t  planned  on  exploring  using  this  type  of 
technology,  already  having  allocated  his  annual  IT  budget 
to  other  projects.  Plus  John  Rogosky,  OIG’s  network  man¬ 
ager,  had  just  finished  a  network  upgrade,  swapping  out 
56Kbps  frame  relay  links  for  T-ls  between  the  offices  and 
MCI’s  vBNS  mesh  network.  But  the  bandwidth  increase 
didn’t  deliver  the  performance  upgrade  Finucane  ex- 
pected.Teople  should  have  been  cheering.  But  not  a  lot  of 
notice  came  out  of  that,”  he  says. 

The  OIG  is  a  watchdog  organization  for  HHS’  300-plus 
programs,  which  include  Medicare  and  Medicaid.  OIG 
auditors  make  sure  program  funds  are  distributed  and 
used  properly;  analysts  evaluate  HHS  programs  for  effi¬ 
ciency  and  effectiveness;  investigators  look  into  possible 
instances  of  fraud  or  abuse;  and  attorneys  provide  legal 
services.  OIG  can  assess  monetary  penalties  for  violations 
such  as  false  billing,  as  well  as  exclude  people  from  par- 
I  ticipating  in  federal  healthcare  programs. 
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With  its  investigative  bent,  the  OIG  is  a  data-  and  research- 
heavy  outfit. While  remote  staffers  had  some  access  to  cen¬ 
tralized  systems,  they  had  grown  accustomed  to  less-than- 
ideal  e-mail  performance  and  file  server  access  over  the 
WAN. With  the  bandwidth  upgrade  doing  little  to  improve 
conditions,  Finucane  realized  he  needed  to  do  more,  espe¬ 
cially  as  requirements  for  sharing  data  among  far-flung 
users  were  increasing.“We  had  a  couple  of  different  initia¬ 
tives  that  were  pushing  us  to  find  a  way  to  streamline  our 
network,”  he  says. 

For  example,  OIG  leaders  wanted  field  staff  to  be  able  to 
query  a  central  mainframe  database,  then  produce  and 
transfer  customized  test  reports  or  spreadsheets.  “With  the 
existing  infrastructure,  it  didn’t  look  like  we  were  going  to 
be  able  to  support  it  with  an  acceptable  response  time  for 
our  users,”  Finucane  says. 

In  addition,  the  OIG  was  mulling  long-range  plans  to  con¬ 
solidate  its  IT  infrastructure.  With  its  existing  setup.it  main¬ 
tains  servers  in  each  of  its  10  regional  offices. This  means 
carrying  more  user  licenses  than  it  would  need  if  the  appli¬ 
cations  ran  on  a  central  server. The  OIG  potentially  could 
cut  back  on  licensing  by  centralizing  more  servers  and 
applications  —  but  not  unless  Finucane  could  find  a  way 


to  offset  the  performance  hit  that  users  in  remote  offices 
would  suffer  if  they  lost  their  local  server  power. 

With  so  many  network-intensive  demands  looming, 
Finucane  and  Dave  Agsten,  infrastructure  architect  at  the 
OIG,  started  looking  into  ways  to  improve  throughput.  As 
part  of  that  effort, the  OIG  tested  WAN  optimization  devices 
from  three  vendors.The  offerings  were  comparably  priced, 
but  Riverbed’s  Steelhead  appliances  delivered  the  greatest 
performance  improvements,  Finucane  says. 

Redundant  transfers  be  gone 

In  tests  and  in  production,  Finucane  found  some  of  the 
most  impressive  gains  came  from  Riverbed’s  ability  to 
eliminate  repetitive  traffic  from  WAN  links  —  a  feature  the 
vendor  calls  scalable  data  referencing. 

Riverbed’s  devices  work  by  intercepting  TCP  requests 
sent  across  a  WAN  link,  then  segmenting  and  indexing  the 
data.  Once  the  data  has  been  indexed,  it  is  compared  with 
data  on  the  disk.  To  speed  transmissions,  the  appliance 
doesn’t  send  data  segments  that  already  have  been  trans¬ 
ferred  across  the  WAN;  a  reference  is  sent  instead.  Even  if  a 
file  is  e-mailed  first  and  later  posted  to  a  file  server,  the 

Continued  on  page  88 


All-Star  Wit  S  Wisdom  “Never  deploy  a  [WAN  acceleration  appliance]  to 
to  keep  it,  because  your  users  mil  not  allow  you  to  take  it  away,  i 

-  NINA  PALLUDIN,  VICE  PRESIDENT  OF  IT,  PACCESS 


a  location  where  you  don’t  Intend 
The  difference  is  that  noticeable, 
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If  users  notice  the 
difference ...  you  know  you 
have  something  good." 


CHRIS  FINUCANE,  CTO,  U.S.  DEPARTMENT 
OF  HEALTH  AND  HUMAN  SERVICES 
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Building  an  optimal  WAN 

+  Since  deploying  WAN  optimization,  a  government  agency 
sees  one-tenth  the  amount  of  data  on  its  net. 

BY  ANN  B  E  O  N  A  R  Z 
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appliance  can  recognize  the  content  and  avoid 
sending  it  across  the  WAN. 

The  OIG  tested  the  scalable  data-referencing 
technology  by  sending  150MB  files  repeatedly 
Data  files  previously  processed  by  the  appliance 
could  be  transferred  in  seconds,  not  minutes, 
even  it  the  file  name  was  different  or  some  data 
elements  had  been  changed,  Finucane  says. 

The  appliance  also  reduces  the  number  of  TCP 
packets  required  to  transfer  data.  It  intercepts  TCP 
requests  and  repacks  the  TCP  payload  with  refer¬ 
ences  to  data  on  the  other  end  of  the  WAN,  reduc¬ 
ing  the  number  of  round  trips  generated  by  TCP 
The  Riverbed  technology  minimizes  latency  by 
reducing  unnecessary  chatter  in  applications 
such  as  Microsoft  Exchange,  he  says. 

Built-in  management  features  let  the  OIG 
monitor  system  conditions,  as  well  as  track  traf¬ 
fic  reductions.The  OIG  sees  the  greatest  reduc¬ 
tion  in  Microsoft  Windows  Common  Internet 
File  Sharing  transfers,  but  HTTP  Messaging  API 
and  SMTP  traffic  also  are  reduced.  Overall,  the 
data  traversing  the  network  is  reduced  to  about 
one-tenth  of  what  it  would  be  without  WAN 
optimization,  he  says. 

Looking  ahead,  OIG  is  keeping  tabs  on 
Riverbeds  plans  to  develop  client-emulation 
software  to  let  mobile  staff  achieve  some  of  the 
same  throughput  improvements  from  laptops. 
The  software  would  increase  throughput  and 
make  even  a  dial-up  line  efficient  for  people  on 
the  road  performing  investigations  and  audits, 
Finucane  says. 

Finucane  is  glad  he  didn’t  go  the  add-more- 
bandwidth  route.  In  retrospect,  he  says,  OIG 
might  not  have  experienced  any  improvement 
bumping  up  line  speeds. And  the  expense  would 
have  been  higher.“Doubling  the  T-ls  in  our  field 
offices  and  adding  more  T-ls  in  our  regional 
offices  would  probably  have  been  the  same  as 
the  cost  of  the  first-year  investment  in  the 
Steelheads,”  Finucane  says.  Because  the  OIG  can 
avoid  paying  the  cost  of  increased  bandwidth 
going  forward,  that’s  money  saved  each  year.  • 
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VoIP:  an  invaluable  asset 

+  A  converged  net  means  unprecedented  productivity  for  these  bankers. 


BY  BETH  SCHULTZ 


hen  it  comes  to  using  advanced  technology  120-employee  Goldsmith  Agio 
Helms  could  teach  the  mega-sized  investment  banks  of  the  world  a  thing  or 
two. Take,  for  example,  the  sophisticated,  converged  network  infrastructure  over 
which  the  Minneapolis-based  firm  conducts  its  multinational  business.  Because  it 
supports  advanced  applications  such  as  instant  messaging/presence,  unified  messaging,  video  calling 
and  Voipthe  network  lets  bankers  stay  in  touch  and  up  to  date  at  all  times. 

Unified  messaging  has  proved  particularly  beneficial  for  Goldsmith  Agio  Helms, says  Chris  Ferski,vice 
president  of  IT  at  the  firm.  Using  a  simple  baseline  calculation,  Ferski  figures  the  new  voice  mail  system 
saves  80%  of  people  10  to  20  minutes  a  day  That’s  because  no  one  ever  has  to  miss  a  message  again. 
Employees  get  notices  on  their  new  handhelds  when  voice  mail  arrives.  Such  integration  has  elevated 
the  level  of  customer  service  to  an  all-time  high. 

In  essence,  Goldsmith  Agio  Helms  has  become  a  virtual  company  capable  of  unprecedented  employ¬ 
ee  productivity  and  customer  responsiveness.  As  such,  it  earns  a  2006  Enterprise  All-Star  Award. 


“I  wasn’t  sold  on 
the  idea  that  it 
had  to  be  VoIP, 
bat  as  we  got 
into  the  project 
I  realized  it  was 
the  only  choice” 


CHRIS  FERSKI, 

VICE  PRESI0ERT  OF  IT, 
GOLDSMITH  AGIO  HELMS 


A  much-studied  choice 

Ferski  began  the  network  upgrade  project  shortly  after  joining  Goldsmith  Agio  Helms  in  the  fall  of 
2002. “We  needed  to  shave  off  time  in  everybody’s  workday  and  be  more  reliable. Those  things  are  of 
significant  value  to  us,  and  our  old  system  couldn’t  support  them,”  he  says. 

His  goal  was  building  a  rock-solid  foundation  for  voice,  given  the  company’s  phone-centric  nature. 

“VoIP  was  definitely  in  my  mind  from  the  get-go  [even  though]  it  was  pretty  new  at  the  time,”he  says. 

“I  wasn’t  sold  on  the  idea  that  it  had  to  be  Voipbut  as  we  got  into  the  project  I  realized  it  was  the  only  choice.” 

To  boost  bankers’  productivity  Ferski  had  to  be  able  to  integrate  desk  phones  and  computers,  and  enable  on-the-fly  mobility 
for  phone  extensions. That  would  have  been  tough  without  a  true  IP  platform,  he  says. 

To  find  that  desired  system,  Ferski  put  five  vendors  through  the  wringer,  rating  them  on  their  ability  to  deliver  24  critical  items. 
Those  included  four-digit  dialing,  call  routing,  collaboration,  network  integration  and  management,  as  well  as  product  longevity 
and  long-term  investment  protection.  Nortel  blew  away  the  competition,  he  says, scoring  21  out  of  a  possible  24  points. 

Sound  investment 

Last  year,  Ferski  oversaw  the  firm’s  migration  to  an  all-Nortel  network.  Besides  traditional  Ethernet  switches  for  data, the  network 
comprises  the  Nortel  Multimedia  Communication  Server  5100  and  the  Nortel  Communication  Server  1000  system,  which  sup¬ 
ports  CallPilot  unified  messaging.The  firm  spent  between  $200,000  and  $400,000  on  the  overall  infrastructure,  Ferski  says. 

Based  on  productivity  gains  alone,  Ferski  says  the  firm  will  see  a  return  on  its  infrastructure  investment  in  less  than  three  years. 
For  Goldsmith  Agio  Helms,  convergence  is  a  safe  bet  indeed.  • 


PACCESS 


WAN  QoS  delivers  the  goods 

i  hen  your  customers  include  the  world’s  largest  automakers,  proponents  of  customized 
manufacturing  and  just-in-time  delivery,  your  enterprise  applications  and  network  must 
operate  at  peak  performance  and  security.  Such  is  the  reason  Inergy  Automotive 
Systems,  a  maker  of  plastic  fuel-delivery  systems  and  fluid-storage  technologies,  began  consolidat¬ 
ing  enterprise  servers  and  applications  and  plotting  its  migration  to  a  converged  infrastructure.  “QoS 
is  the  cornerstone  of  our  consolidation  and  convergence  strategy,”  says  Arun  OeSouza,  CISO  and  man¬ 
ager  of  global  assurance  at  Inergy  in  Troy,  Mich.  From  the  first  quarter  of  2005  through  the  first  quar¬ 
ter  of  2006,  Inergy  rolled  out  Packeteer’s  QoS  technologies  (PacketShaper,  Report  Center  and  Policy 
Center)  across  its  network.  These  guarantee  mission-critical  applications  all  the  bandwidth  they 
need,  whenever  they  need  it.  Benefits  of  this  $300,000  QoS  project  are  numerous,  including  an  aver¬ 
age  300%  bandwidth  gain  via  compression,  enhanced  security  and  traffic  control,  DeSouza  says. 


+ Accelerating  applications  across  the  WAN 

a  a  global  supply  chain  integrator,  Paccess  maintains  a  steady  stream  of  applica- 
M  Qtion  traffic  between  its  headquarters  in  Portland,  Ore.,  and  countries  in  Asia.  With 
MOtranscontinentai  traffic  reaching  6GB  daily  across  relatively  low-speed  MPLS 
links,  application  performance  was  beginning  to  suffer  greatly,  says  Nina  Palludan,  vice  presi¬ 
dent  of  IT.  Paccess  fixed  the  problem  without  having  to  boost  bandwidth  on  its  expensive  Asian 
links  by  applying  multipurpose  WAN  acceleration  appliances  from  Juniper  Networks.  The  WXC 
appliances  provide  file  and  e-mail  compression,  Common  Internet  File  System  acceleration, 
information  caching  and  QoS-based  traffic  prioritization.  The  company  has  achieved  an  ROI  in 
less  than  six  months  while  reducing  bandwidth  consumption  by  50%  and  application  latency 
by  60%,  Palludan  reports.  She  shares  this  lesson  learned  from  her  Enterprise  All-Star  project: 
“Never  deploy  the  device  to  a  location  where  you  don't  intend  to  keep  it,  because  your  users  will 
not  allow  you  to  take  it  away."  a 


All-Star  Wit  S  Wisdom  “WAN  optimization  most  significantly  enhanced  [IT’s]  credibility 
in  the  eyes  of  the  business  through  reliable  quality  of  service  and  guaranteed  user 

experience  for  critical  applications.” -arun  oesouza,  ciso,  inerby 
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RESTORE  AND  MAINTAIN  PEAK  PERFORMANCE 


Eight  things  you  need  to  know  about  fragmentation  — 


a  special  report 


Diskeeper’s  interface  shows  fragmentation  levels  and  relative  location  of  all 
the  files  and  folders  on  the  selected  volume. 


As  an  IT  Professional,  you 
know  the  importance  of 
maintaining  system  per¬ 
formance  and  reliability. 
Your  team  is  the  one  called  to  the 
rescue  when  desktops  or  servers 
crash,  slow  down  or  freeze.  Many 
of  these  issues  stem  from  a 
single,  hidden  source:  disk  frag¬ 
mentation. 

1  Reliability  issues  com¬ 
monly  traced  to  disk 
■  fragmentation:  Crashes 
and  system  hangs/freezes;  slow 
boot  times  and  boot  failures;  slow 
back  up  times  and  aborted 
backup;  file  corruption  and  data 
loss;  errors  in  programs;  cache 
issues;  hard  drive  failures. 

Having  files  stored  contiguously 
on  the  hard  drive  is  a  key  factor  in 
keeping  a  system  stable  and  per¬ 
forming  at  peak  efficiency.  Even  a 
small  amount  of  fragmentation  in 
your  most  used  files  can  lead  to 
crashes,  conflicts  and  errors. 

2  The  weak  link  in 
today’s  computers:  A 

■  computer  system  is  only  as 
fast  as  its  slowest  component. 
The  disk  drive  is  by  far  the  slowest 
of  the  three  main  components  of 
your  computer:  CPU,  memory 
and  disk.  Even  with  the  fastest 
CPU  system  performance  would 
be  affected  by  disk  fragmentation. 

31s  Daily  Defragmentation 
needed  in  today’s  envi- 
■  ronment?  More  than  ever! 
Large  disks,  multimedia  files, 
applications,  operating  systems, 
system  up-dates,  virus  signatures 
—  all  dramatically  increase  the  rate 
of  fragmentation.  Fragmentation 
increases  the  time  to  access  files 
for  all  common  system  activities 


including  opening  and  closing 
Microsoft®  Word  documents, 
searching  for  emails,  opening  web 
pages  and  performing  virus 
scans.  To  keep  performance  at 
peak,  defragmentation  must  be 
done  daily. 

4  Increased  server  uptime: 

Fragmentation  can  cripple 
■  server  performance  and 
reliability  resulting  in  downtime 
and  lost  production.  Diskeeper 
can  easily  and  safely  be  used  on 
your  servers  including:  file  and 
print,  web,  domain  controllers, 
SQL,  Exchange,  and  any  other 
database  or  application  servers. 

5  Virtualization  and  frag¬ 
mentation:  Server  virtual- 
n  ization  can  be  used  to 
reduce  the  number  of  physical 
systems  for  more  efficient  CPU 
utilization.  However,  there  is  a 
downside;  the  disk  subsystem 
must  now  account  for  increased 
disk  I/O.  Disk  fragmentation  the 
primary  cause  of  unnecessary  I/O 
overhead.  Automatic  defragmen¬ 
tation  is  more  important  than  ever 
for  maximum  performance. 

6  Hidden  manual  defrag¬ 
mentation  costs: 

■  Manual  defragmentation  is 
not  “free”  —  it  has  heavy  hidden 
costs,  such  as  IT  time  to  manually 
defrag  every  system.  This  results 
in  either  staying  after  hours  to 
defrag,  giving  the  users  adminis¬ 
trator  privileges  (not  likely!), 
break-fix  handlings,  or  more  often 
no  defrag  whatsoever. 

7  How  do  I  find  out  how 
much  fragmentation  I 
■  have?  Download  a  free  trial 
version  of  new  Diskeeper  1 0  at: 

www.  diskeeper.  com/analysis3 


Install  it,  select  a  volume,  select 
Analyze  and  view  the  report. 

8  Advanced,  automated 
defragmentation: 

■  Manually  defragmenting 
every  system  every  day  is  simply 
not  possible  in  even  small  networks 
let  alone  enterprise  sites.  IT 
Managers  use  Diskeeper’s  “Set  It 
and  Forget  It”®  operation  for  auto¬ 


matic  network-wide  defragmenta¬ 
tion.  Customers  agree  Diskeeper 
maintains  the  performance  and 
reliability  of  their  desktops  and 
servers,  reducing  maintenance  and 
increasing  hardware  life. 

Every  system  on  your  network 
needs  Diskeeper,  the  Number 
One  Automatic  Defragmenter™ 
with  over  20  million  licenses  sold! 


Diskeeper/0 

The  Number  One  Automatic  Defragmenter 


Special  Offer 


Try  Diskeeper  10  FREE  for  45  days! 

Download:  www.diskeeper.com/nww4 

(Note:  Special  45-day  trialware  is  only  available  at  the  above  link) 

Volume  licensing  and  Government  /  Education  discounts  are 
available  from  your  favorite  reseller  or  call  800-829-6468  code  4352 

For  test  results,  white  papers  and  case  studies,  visit  http://www.diskeeper.com/nwwdocs 


Sponsored  by: 


©2006  Diskeeper  Corporation.  All  Rights  Reserved.  Diskeeper,  The  Number  One  Automatic  Defragmenter,  “Set  It  and  Forget  It"  and  the  Diskeeper  Corporation  logo  are  registered  trademarks  or  trademark:,  of 
Diskeeper  Corporation  in  the  United  States  and/or  other  countries.  Microsoft  is  a  registered  trademark  of  Microsoft  Corporation  in  the  United  States  and/or  other  countries.  Diskeeper  Corporation  •  7590  N. 
Glenoaks  Blvd.  Burbank,  CA  91504  •  800-829-6468  •  www.diskeeper.com 
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Storage 


+  Class  of  service  brings  a  publisher  scalability, 
manay8dL:Hity  and  savings,  a v  oe« i  connor 


t  Las  Vegas  Review- 
Journal,  company 
growth  —  largely 
through  acqui¬ 
sition  —  had 
turned  data 

storage  into  a  huge  management  chal¬ 
lenge.  By  addressing  the  problem  using 
innovative  class-of-service  technology,  IT 
has  eased  the  storage  burden  while  saving 
the  company  money  —  and  netting  it  a 
2006  Enterprise  All-Star  Award. 

Steve  Olson,  infrastructure  manager  at  the 
Las  Vegas-based  publishing  group, 
describes  his  quandary  The  most  business- 
critical  editorial,  advertising  and  account¬ 
ing  database  data  was  stored  on  a  4TB  EMC 
Symmetrix  DMX  8530  array  and  a  1TB  EMC 
Celerra  network-attached  storage  (NAS) 
array  Desktop  data  —  files,  e-mail  and 
archived  documents  —  was  mostly  stored 
on  about  60  Macintosh,  Solaris  and 
Windows  servers  at  40  sites  in  nine  states 
but  some  of  it  resided  on  the  high-end 
Symmetrix.  Storing  non-business-critical 
desktop  data  on  expensive  primary  storage 
didn’t  make  sense;  neither  did  buying  more 
servers  with  direct-attached  storage,  which 
would  have  complicated  the  management 
problem,  he  says. 

“We  needed  storage  that  didn’t  need  to  be 
as  fast  or  as  expensive  for  our  Tier-2  data,” 
Olson  says.  He  wanted  a  system  to  which  he 
could  move  the  less  business-critical  data 


being  stored  on  the  Symmetrix  as  well  as 
for  the  messaging,  home  directory  and  file 
data  being  stored  on  the  servers. 

A  classy  storage  strategy 

Olson  found  his  answer  in  a  storage-area 
network  (SAN)  and  NAS  combination.  He 
could  choose  from  a  host  of  vendors,  such 
as  storage  heavyweights  EMC,  IBM  and 
Network  Appliance.  But  start-up  Pillar  Data 
Systems  grabbed  his  attention,  especially 
when  the  company  talked  to  him  about 
CoS  available  with  its  Axiom  500 
midrange  storage  system,  he  says. 

With  CoS,  Olson  would  be  able  to  priori¬ 
tize  a  server's  access  to  disk  according  to 
the  business  criticality  of  the  application 
running  on  it.  That  means  he  would  be 
able  to  use  Pillar’s  system  to  assign  busi¬ 
ness-critical  Tier  1  production  databases 
to  the  highest  priority  of  I/O  while  giving 
less  important  applications, such  as  a  mes¬ 
saging  system,  a  lower  priority,  he  says. 
Prioritizing  data  in  this  fashion  would  let 
him  store  the  most  important  data  on 
high-speed,  expensive  Fibre  Channel  disk 
and  the  less  important  data  on  inexpen¬ 
sive  and  slower  Serial  Advanced 
Technology  Attachment  disk  drives  — 
both  available  in  the  Axiom  system. 

“My  biggest  fear  was  that  because  we 
have  a  shared  set  of  resources  ...  an  SQL 
server  [query]  was  going  to  get  stepped  on 
by  somebody  running  a  personal  media 


clip,”  he  says.“With  class  of  service,  we  can 
prioritize  servers  and  guarantee  speed  of 
access  for  the  servers”  that  need  it. 

Olson  points  to  another  reason  he 
favored  Pillar  —  its  disk-stroking  software, 
which  lets  him  determine  where  on  the 
disk  to  store  data  and  how  quickly  his  1 ,500 


users  can  retrieve  it  (prioritized  I/O). 

Olson  installed  the  $200,000  Axiom  500 
system  in  April,  and  says  he’s  already  see¬ 
ing  cost  savings.The  20TB  Axiom  cost  the 
same  as  his  annual  maintenance  and 
license  fees  for  the  EMC  Symmetrix  DMX 
8530,  for  example.To  scale  the  Symmetrix, 
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•4*  Archiving  for  HIPAA 

better  meet  the  Health  Insurance  Portability  and  Accountability  Act  requirements, 
j  the  IT  staff  at  this  Huntington,  W.  Va.,  hospital  implemented  a  new  archiving  sys¬ 
tem  for  medical  images.  Led  by  Jason  Hill,  radiology  systems  analyst,  and  CIO 
Sanjay  Shah,  the  project  team  installed  an  optical  library  -  the  Plasmon  U00  Archive  Appliance 
connecting  to  its  EMC  Clariion  CX600  storage-area  network.  Using  GE  Healthcare's  Centricity 
picture  archiving  and  communications  system,  Cabeil  Huntington  can  ensure  that  images  can 
be  kept  for  a  minimum  of  21  years.  The  project  cost  $2.3  million  and  in  the  first  eight  months 
of  implementation  has  had  an  ROI  of  $800,000,  the  company  reports. 
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+ Improving  data  storage  with  iSCSI 

or  this  Needham,  Mass.,  school,  iSCSI  storage  is  proving  its  worth.  CIO  Joanne  Kossuth 
says  she  chose  iSCSI  because  it  fits  in  with  the  IP-only  nature  of  Olin's  network  and  it  is 
less  expensive  to  implement  than  Fibre  Channel.  In  the  spring,  she  installed  an  Equallogic 
PS  Series  iSCSI  array  for  $100,000  and  consolidated  her  storage  onto  the  7.5TB  array.  By  doing  so, 
she  reduced  the  cost  of  adding  or  replacing  servers  by  U5%  and  the  cost  of  backup  systems  by  50%. 
As  part  of  Olin's  disaster-recovery  plan,  she'll  partner  with  neighboring  Babson  College,  which  also 
bought  an  Equallogic  array.  As  the  project  continues,  Kossuth  is  busy  migrating  more  data  from 
many  of  the  college's  50  remaining  servers  to  the  Equallogic  array.  a 
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All-Star  Wit  S  Wisdom  “ . .  it  has  been  important  for  as  to  look  hard  at  in-house  skill 
sets  as  well  as  the  technolog]/  architecture  and  to  factor  these  indirect  costs  into  our 
decision-making  processes."- joanne  kossuth,  cio.  franklin  w.  olin  college  of  engineering 
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he  would  have  had  to  buy  a  new  box.  But  expanding  the  Axiom  system  to  a  high  capac¬ 
ity  of  384TB  simply  means  adding  disk  drives. 

Storage  simplicity 

Using  Pillar  software,  Olson  has  migrated  data  from  as  many  as  45  Windows,  Solaris 
and  Macintosh  servers  to  the  Axiom  system,  giving  him  the  benefit  of  managing  a  sin¬ 
gle  storage  environment,  he  says.  And,  because  he  has  a  single  pool  of  information 
rather  than  45  separate  storage  repositories  to  look  at,  he  can  properly  analyze  capaci¬ 
ty  and  use  and  determine  when  he  needs  to  add  disk  drives. 

“Since  data  is  now  all  centralized,  it  will  be  easier  to  manage  and  monitor,”  Olson  says. 
“I  also  have  a  better  justification  for  scaling  growth,  as  well  as  a  centralized  environ¬ 
ment  for  backing  up  the  network.” 


KINDRED  HEALTHCARE 


backup  systems  resides  on  Tier-1  storage  —  three  of  EMC’s 
expensive  Symmetrix  DMX  arrays.  Tier-2  data,  stored  on 
seven  Clariion  midrange  systems,  consists  of  Microsoft 
Exchange,  file  services  and  some  less-than-business-critical 
databases.Tier  3  data  comprises  medical  images, stored  on 
a  Centera  array 

“Images  are  written  to  the  Clariion  and  to  the  Centera  at 
the  same  time,”  Hesson  says.  “At  some  point,  data  on  the 
Clariion  rolls  over  —  the  first-in  information  is  deleted  by 
newer  information.” 

Hesson  insists  that  the  bulk  of  Kindreds  data  be  stored  on 
the  SAN.  “Over  the  last  four  years,  we  have  taken  a  really 
strong  approach  —  any  group  with  over  50GB  of  data  has 
to  really  justify  not  putting  the  data  on  the  SAN,”  he  says. 
“That  gives  us  better  economies." 

The  SAN  consolidation  has  had  dramatic  effects,  he  says. 
“We  drastically  reduced  the  number  of  inter-switch  links 
from  121  to  16,”  he  says.  “At  the  same  time,  we  went  from 
lGbps  to  2Gbps  Fibre  Channel.”® 


Healthy  SAN  procedures 

+  With  a  new  three-tier  SAN,  a  healthcare  provider  consolidated 
180TB  and  slashed  per-port  costs  by  $200. 


iguring  out  an  effective  storage  strategy  is 
no  easy  matter  when  operating  60  hospi¬ 
tals,  225  nursing  centers,  100  rehabilita¬ 
tion  sites  and  50  pharmacies.  But  in  over¬ 
hauling  its  storage  architecture,  Kindred  Healthcare,  a 
nationwide  healthcare  services  provider,  has  accom¬ 
plished  just  that. 

As  part  of  the  overhaul, Tim  Hesson,  corporate  manager 
for  storage  management  at  the  Louisville,  Ky,  company, 
oversaw  consolidation  of  more  than  180TB  of  data  into  a 
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single  storage-area  network  (SAN). Having  run  out  of  ports, 
he  consolidated  the  data  flowing  through  26  McData  Fibre 
Channel  switches  into  a  new, more  scalable  SAN  built  using 
six  Cisco  MDS  9509  Multilayer  Directors.  In  the  process, 
Kindred  reduced  costs  for  internal  customers  by  $200  per 
port  and  realized  $160,000  in  SAN  switch  port  savings  the 
first  year,  Hesson  says.  For  this,  Kindred  earns  recognition  as 
a  2006  Enterprise  All-Star. 

Data  on  Kindred’s  1-year-old  SAN  is  staged  in  three  EMC- 
based  tiers,  Hesson  says.  Data  from  financial,  clinical  and 


For  backups,  Axiom  runs  software  that  automatically  migrates  data  from  one  volume 
to  another. The  AxiomOne  Volume  Replicator  software,  which  is  based  on  storage  man¬ 
agement  technology  from  Kazeon  Systems,  copies  data  on  the  Fibre  Channel  SAN. The 
AxiomOne  File  Replicator  software,  available  through  a  deal  with  remote  data  protec¬ 
tion  vendor  Signiant,  copies  data  on  the  NAS  side. 

With  the  Axiom  system,  Olson  also  plans  to  replicate  data  to  unlike  machines  for  dis¬ 
aster  recovery, a  capability  he  would  find  difficult,  if  not  impossible, to  do  with  an  EMC 
combination.  “EMC’s  [Symmetrix  Remote  Data  Facility]  environment  is  very  expen¬ 
sive.  It  requires  a  whole  bunch  of  McData  channel  extenders  and  Brocade  switches,” 
he  says. 

Olson  says  he  is  testing  Pillar's  replication  capabilities  with  the  hope  of  making 
remote  disaster  recovery  a  possibility.  O 
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Totally  connected 


4-  From  a  10G  optical  core, 
a  California  city  provides  high¬ 
speed  Net  access  like  a  utility. 

BY  TAM  H  A  R  B  E  R  T 


hen  you  think  of 
cities  on  the  cutting 
edge  of  technology 
Loma  Linda,  Calif., 
doesn’t  exactly  spring 
to  mind.  And  yet  resi¬ 
dents  and  businesses  in  this  small  community  60  miles  east 
of  Los  Angeles  have  easier  and  less-expensive  access  to 
higher-speed  broadband  connectivity  than  most. 

“We  became  the  fastest  Internet  city  in  North  America 
because  we  focused  on  getting  started  and  became  com¬ 
mitted  to  getting  it  built.  Residents  and  businesses  have 
connectivity  that’s  faster  and  more  resilient  than  all  but  a 
handful  of  scientific  and  Fortune  15  data  centers  in  the 
world,” says  James  Hettrick,  IS  director  for  Loma  Linda. 

Such  connectivity,  not  to  mention  initiative,  earns  the  city 
of  Loma  Linda  a  2006  Enterprise  All-Star  Award. 

Connecting  a  community 

Loma  Linda’s  Connected  Community  Program  began  in 
late  2003,  when  the  city  council  mandated  data  connectiv¬ 
ity'  in  all  living  and  working  spaces.  It  approved  a  ground¬ 
breaking  law,  updating  the  city’s  residential  and  commer¬ 
cial  wiring  codes  to  require  builders  to  include  structured 
wiring  and  standard  fiber-optic  technology  in  new  con¬ 
struction  and  any  existing  buildings  with  50%  or  more  of 
their  structure  being  remodeled.  This  would  enable  these 
buildings  to  connect  to  one  of  multiple  fiber-optic  rings 


Today  the  Connected  Community  Program  is  well  under¬ 
way  The  city  has  built  a  symmetrical  fiber-optic  network 
capable  of  lOGbps  at  the  core  and  lGbps  at  the  end  nodes. 
It  uses  Allied  Telesis’  fiber-to-the-home  product  line,  which 
includes  switches  and  routers. 

The  city  sees  broadband  as  a  way  to  improve  the  quality 
of  life  and  draw  more  economic  development,  particularly 
in  medical  research  and  related  industries. With  only  about 
20,000  residents,  Loma  Linda  was  underserved  by  broad- 


“Mfe  became  the  fastest  Internet  city 
in  North  America  because  we  focused 
on  getting  started  and  became 
committed  to  getting  it  built.” 

-  JAMES  HETTRICK,  IS  DIRECTOR,  LOMA  LINOA 


that  the  city  would  install  around  the  city 


band  providers  for  too  long,  Hettrick  says.  But  the  area  is  a 
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Building  an  open-source  foundation 

annual  growth  rate  of  110%  began  to  overwhelm  the  infrastructure  of  BNSF 
;  logistics,  a  logistics  and  supply-chain  solutions  provider  in  Springdale,  Ark.,  (and 
I  subsidiary  of  BNSF  Railway,  another  All-Star  winner).  Following  a  series  of  acqui¬ 
sitions,  the  company  had  14  operating  locations,  two  hosting  locations,  two  data  centers  and 
one  business-continuity  site,  led  by  Gregg  Robbins,  systems  architect,  the  project  team  used 
off-the-shelf  hardware  to  connect  all  the  locations  redundantly  and  kept  each  device’s  total 
deployment  cost  to  less  than  $300.  The  team  designed  and  implemented  a  network  foundation 
using  an  open  source  firewall,  which  includes  an  IPSec  VPN,  Open  Shortest  Path  First  routing, 
intrusion  detection  and  content  filtering.  The  deployment  took  fewer  than  90  days  and  came 
in  under  the  $20,000  budget,  Robbins  says. 


+New  data  center  net  for  healthier  recoveries 

Anew  optical  and  storage  network  let  hospital  personnel  at  10  primary  care  and 
remote  sites  access  a  centralized  Picture  Archival  Computer  System  and  quickly 
download  medical  records  and  images,  thus  streamlining  diagnosis.  In  some  cases, 
diagnosis  time  has  been  cut  in  half,  says  Bob  DelCampo,  an  IT  manager  at  the  hospital.  The 
additional  bandwidth  also  is  enabling  new  money-saving  applications,  such  as  videoconfer¬ 
encing  and  remote  upgrade  of  desktops.  Also,  a  new  point-to-point  data  center  network  sup¬ 
ports  synchronous  data  replication,  significantly  improving  recovery  time.  Tier  1  applications 
now  can  be  recovered  in  two  hours  or  less.  The  project  is  expected  to  save  the  hospital  $8  mil¬ 
lion  over  four  years. 


All-Star  Wit  S  Wisdom  “ With  our  l open  source]  approach,  we  can  deploy  a  remote  office 
firewall/router/content  filter  to  a  location  for  under  $00  if  we  reuse  equipment  or  for  about  $300  with  new 

appliance-like  hardware.”  -  gregg  robbins,  systems  architect,  bnsf  logistics 
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medical  research  mecca  with  a  sophisti¬ 
cated,  well-educated  population. With  large 
medical  institutions  such  as  the  Loma 
Linda  University  Medical  Center  and  the 
Jerry  L.  Bettis  Memorial  Veterans  Medical 
Center,  the  population  of  Loma  Linda  swells 
to  60,000  during  the  day 

“These  statistics  drive  a  different  level  of 
decision  making,”  Hettrick  says.“So  we  start¬ 
ed  looking  into  offering  connectivity  and 
smart  Internet  access.” 

At  the  Loma  Linda  University  Medical 
Center,  many  buildings  already  meet  the 
city’s  new  requirements  because  they’ve 
strung  industry-standard  wiring.ln  addition, 


“Residents  and 
businesses  have 
connectivity  that’s 
faster  and  more 
resilient  than  all  but 
a  handful  of  scientific 
and  Fortune  15  data 
centers  in  the  world." 

-  JAMES  HETTRICK,  IS  DIRECTOR,  LOMA  LIHOA 


Loma  Linda  University  is  building  a  $50  mil¬ 
lion  distance-learning  facility  that  falls 
under  the  new  mandate. 

The  Connected  Community  Program 
will  help  the  medical  institutions  connect 
not  only  with  each  other  but  also  with 
third-party  medical-services  businesses 
and  offices,  such  as  pharmacies,  that  are 
scattered  around  the  community.  Plus,  the 
network  will  let  the  medical  centers  con¬ 
nect  and  work  with  entities  worldwide. 
The  distance-learning  center,  for  example, 
will  let  students  from  about  15  foreign 
countries  take  classes  from  the  university, 
Hettrick  says. 

The  network  and  services 

For  the  network,  the  city  has  deployed 
four  self-healing,  fiber-optic  rings  and  their 
associated  intermediate  distribution  frames 
(IDF)  throughout  residential  neighbor¬ 
hoods  and  business  parks.The  IDFs  contain 
the  hardware  to  partition  the  fiber,  as  well 
as  fire  protection,  battery  backup  and  room 
for  third-party  equipment. 

The  rings  cost  $4  million,  Hettrick  says, 
and  he  estimates  that  all  the  development 
that  occurs  within  the  rings  is  worth  about 
$8  million.“So  we  are  getting  a  2:1  return  on 
assets  deployed,”  he  says. 

Through  co-location,  the  network  can 
support  virtually  any  service  or  application. 


For  example, VPN  gear,  co-located  at  an  IDF 
and  working  in  conjunction  with  the  city's 
Allied  Telesis  Layer  3  switches,  could  pro¬ 
vide  virtual  private  networks  for  users  any¬ 
where,  including  in  their  homes,  Hettrick 
says.  This  is  particularly  useful  for  medical 
experts  who  might  want  to  do  research  at 
home  but  need  a  secure  connection,  he 
says.The  cost  is  much  less  than  a  commer¬ 
cial  carrier  would  charge  to  install  a  T1 
line,  he  adds. 

Initially,  the  city  is  offering  high-speed 
Internet  access  as  it  would  any  utility, 
Hettrick  says.  Residents  can  sign  up  for 
5Mbps  service  for  $30  per  month.  Rates  of 
10Mbps  and  15Mbps  cost  $50  and  $100 
per  month,  respectively.  These  speeds  far 
exceed  what’s  typically  available  from 
DSL,  cable  or  T1  services,  and  adoption 
rates  have  been  running  above  50% 
among  commercial  users  and  new  resi- 


COMMUNITY  HEALTH  NETWORK 


•^Private  net,  big  savings 


dences,  he  says. 

But  high-speed  Internet  access  is  “just  a 
small  subset  of  what  this  network  can  do,' 
Hettrick  says.  Because  the  city  owns  the 
network,  it  can  leverage  it  for  all  sorts  of 
city  functions,  such  as  controlling  traffic 
lights.  Loma  Linda  also  is  rolling  out  wire¬ 
less  access  points  to  provide  more  con¬ 
nectivity  options  to  city  field  workers  and 
residents.  And  it  intends  to  bring  in  com¬ 
mercial  providers  of  VoIP  video  on 
demand,  alarm-system  monitoring,  safety 
systems  and  perhaps  IP-based  television  as 
well,  he  adds. 

No  doubt,  the  network  gives  the  small 
town  of  Loma  Linda  a  certain  cachet.  As 
Hettrick  says:  “We  are  a  small  city  who 
knows  who  we  are.” 

Harbert  is  a  freelance  writer  in  Rockville, 
Md.  She  can  be  reached  at  tharbert@com 


Community  Health  Network,  Indianapolis,  built  an  optica!  network  using  technology  from 
Cisco,  IBM  and  CentrePath.  After  a  capital  investment  estimated  at  $1.5  million,  the  new 
network  provides  more  flexible  storage,  the  ability  to  interconnect  multiple  sites  and 
more  bandwidth  [the  digitization  of  medical  records  was  increasing  bandwidth  by  more  than 
d00%  annually)  than  its  previous,  carrier-based  network,  says  Rick  Coppie,  CTO  for  Community 
Health  Network.  The  organization  estimates  it  will  save  more  than  $11  million  over  13  years. 
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0'  SAUGUS  UNION  SCHOOL  DISTRICT 


An  open  source  education 

*  One  California  school  district  created  a  hot  spot  for  community, 
collaboration  and  advanced  education.  Bv  Sa«,0«,> 
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The  open-source-built  social  network  has  “caught  on  beyond  the  scope  we  intended  it  to.” 

-  JAMES  KLEIN,  DIRECTOR  OF  INFORMATION  SERVICES  ANO  TECHNOLOGY,  SAUGUS  UNION  SCHOOL  DISTRICT 


sk  James  Klein  to 
describe  his  latest 
pet  project  —  a 
Web-based 
social  net- 
working 

application  for  teachers  and  administra¬ 
tors  at  his  school  district  —  and  he  jokes, 
“It’s  like  a  MySpace.com  for  grownups.” 

Klein,  who  is  director  of  information 
services  and  technology  at  Saugus  Union 
School  District  (SUSD)  in  Santa  Clarita, 
Calif.,  used  an  open  source  social  net¬ 
working  tool  called  ELGG  to  create  the 
site.  The  tool  joins  his  open  source  arse¬ 
nal,  comprising  Linux  servers,  Apache 
Web  servers,  MySQL  database  servers  and 
the  PHP  scripting  language. 

“We ’re  always  seeking  new  ways  to  elim¬ 
inate  the  traditional  social  and  geograph¬ 
ic  boundaries  that  hinder  communica¬ 
tion  and  collaboration,”  he  says,  adding 
that  most  districts  with  geographically 
dispersed  schools  end  up  with  islands  of 
creativity  rather  than  a  unified  platform. 

The  district  receives  a  2006  Enterprise 
All-Star  Award  for  creating  this  social  net¬ 
work,  an  easy-to-use, technology-rich  envi¬ 
ronment  for  more  than  1,800  teachers 
and  administrators  —  and  departmental 
users  and  students,  too. The  site  is  proving 
to  be  a  great  SUSD  community-builder 
and  tool  for  enhancing  education,  at  no 
cost  but  the  time  Klein  spent  on  develop¬ 
ment. 

One  hundred  fifty  teachers  and  admin¬ 
istrators  across  the  district’s  15  schools 
use  his  homegrown  application  for  blog¬ 
ging,  file  sharing,  posting  videos  and  pod¬ 
casting.  They've  been  busy  since  January 
putting  the  site  through  its  paces,  churn¬ 
ing  out  MP3  files  for  student  downloads 
and  posting  lesson  plans.  Over  the  sum¬ 
mer  break,  teachers  used  the  Web-based 


site  to  collaborate  remotely  on  classroom 
portfolios  and  enhance  their  curricula, 
Klein  says. 

The  rationale  for  open  source 

Though  commercial  tools  exist  to  devel¬ 
op  these  types  of  applications,  they  pose 
significant  challenges,  Klein  says.  “Their 
disparity,  cost  and  complexity  limit  their 
adoption  among  small  organizations,”  he 
says.  Also  lacking  are  standardized,  cen¬ 
trally  managed  solutions,  he  adds.  And 
while  some  of  his  peers  in  the  industry 
use  free  public  Internet  services,  he  says 
he  doesn’t  because  he  worries  about  the 
legal  liability. 

The  commercial  and  public  tools  also 


lack  two  critical  elements:  “They  lack  the 
access  controls  and  accountability  neces¬ 
sary  to  satisfy  the  needs  of  a  school  dis¬ 
trict  and  its  staff.  We  wanted  flexible  and 
secure  access.  Our  users  can  choose  what 
information  they  share  and  with  whom 
they  share  it,”  Klein  says. 

Klein,  who  began  programming  the  site 
in  November  2005,  says  he’s  already  see¬ 
ing  the  innovation  he  hoped  to  spawn. 
“One  teacher  shared  a  project  he  did  on 
beach  erosion  and  tied  together  bits  and 
pieces  of  media  available  on  the  Internet, 
including  Google  maps  and  links  to  Web 
sites.  He  even  put  in  a  question-and- 
answer  section.  This  is  something  he 
would  have  never  done  if  it  were  merely  a 


public  blog,”  Klein  says. 

The  SUSD  site  features  blogging  tools 
with  an  editor  for  adding  in  rich  text,  Web 
links,  pictures  and  file  attachments.  Each 
user  has  access  to  secure  file  storage  and 
sharing,  and  can  control  sharing  of  docu¬ 
ments,  images,  sounds,  short  videos  and 
other  files.  RSS  feeds  and  podcasts  can  be 
posted  for  subscription  or  played  directly 
from  a  blog  post  using  a  thin,  Flash-based 
player,  he  says. 

Klein  has  put  a  250MB  limit  on  files  for 
shared  use,  but  says  he's  open  to  bending 
that  rule.  “The  limitation  is  to  prevent 
someone  who  is  less  experienced  with 
computers  from  uploading  several  giga¬ 
bytes  of  full-screen  video  and  the  like. 


All-Star  Wits  Wisdom  “We  took  the  typical  opensoarce  approach  to  this  [social-network¬ 
ing]  project:  You  bend  it,  stretch  it  and  then  send  it  upstream  to  see  how  it  will  be  used.  ” 

-JAMES  KLEIN,  DIRECTOR  OF  INFORMATION  SERVICES  AND  TECHN0L0BY,  SA0BUS  UNION  SCHOOL  DISTRICT 
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However,  there  are  some  teachers  who  are  sharing  video  of 
classroom  skits  or  other  relevant  files  and  we'll  give  them 
more  access,”  he  says. 

A  popular  destination 

The  project  has  “caught  on  beyond  the  scope  we  intended 
it  to,”  Klein  says.  In  addition  to  teachers  and  administrators, 
departmental  users  are  this  year  lining  up  to  use  the  tool.  For 
example,  he  says,  safety  and  risk  management  personnel 
want  to  use  the  platform  to  host  forms  and  share  reports.“The 
flexibility  and  access  control  mechanism  make  the  system 
an  excellent  communication  and  collaboration  platform  that 
is  relevant  across  the  entire  organization,”  he  says. 

Another  draw  is  the  ability  to  link  educators  across  great 
distances.“The  special  education  department  wants  to  get  all 
of  its  employees  on  the  platform  so  they  can  work  together 
from  anywhere,  including  across  buildings,  campuses  and 
from  conferences.They  won’t  have  to  constantly  worry  about 
who’s  got  what  paperwork  where,”  he  says. 

Virtual  teams  also  are  being  created  around  special  proj¬ 
ects  such  as  grants  or  interest  areas.“Educators  can  host  com¬ 
munities  that  feature  access  to  controlled,  centralized  file 
stores.They  don’t  have  to  worry  about  spam  or  inappropriate 
comments  and  content,”  Klein  says. 

He  sees  a  great  future  for  this  social  networking  project  and 
says  next  up  is  turning  the  students  into  content  providers. 
“Today,  students  can  view  and  download,  but  can't  create 
content.  We  plan  to  experiment  with  teacher-moderated,  stu¬ 
dent-created  content  this  school  year.” 

Gittlen  is  a  freelance  writer  in  Norihborough,  Mass.  She  can 
be  reached  at  sgittlen@charter.net. 


A  polished 
supply  chain 

+  Reduced  shipping  costs  are  among  finishing 
touches  to  this  cabinetmaker’s  All-Star  project. 


BY  SANDRA  GITTLEN 


our  years  ago,  MasterBrand  Cabinets  CIO  Dave  Mewes  faced  one  of  the  toughest  chal¬ 
lenges  of  his  career.  Fortune  Brands,  the  parent  holding  company,  wanted  to  diversify  its 
portfolio  of  cabinet  products  and  began  an  acquisition  spree  under  the  MasterBrand 
name.  Mewes'  mission  soon  became  clear:  Tie  together  the  supply-chain  management 
systems  of  six  diverse  business  units  and  four  sales  channels  without  replacing  the  dozens  of  legacy  sys¬ 
tems  used  by  each  group. 

“We  couldn’t  go  in  and  rip  everything  out  because  we  had  a  business  to  run.  And  we  weren’t  really  under 
one  large  umbrella  so  we  couldn’t  completely  unify”  he  says. 

Mewes  had  to  figure  out  an  alternate  way  to  gain  visibility  into  the  disparate  order-entry  systems,  which 
included  everything  from  SAP  databases  to  CAD/CAM  file  stores  to  Microsoft  Excel  spreadsheets,  so  that  all 
of  the  business  units  and  sales  channels  could  view  critical  information  in  real 
time.The  resulting  effort,  which  has  saved  the  company  a  bundle  while  making 
supply-chain  management  far  more  efficient,  has  earned  MasterBrand  a  2006 
Enterprise  All-Star  Award. 


MEDICALERT  foundation 


^Stringent  SOA  practices 

edicAlert  Foundation,  a  Turlock,  Calif.,  provider  of  medical  information  for 
the  healthcare  community,  overhauled  its  data  network,  abandoning  its 
FTP  infrastructure  in  favor  of  a  .Net  and  SOA  framework.  Started  in  April 
2005,  the  $250,000  project  features  AmberPoint’s  AmberPoint  5.0  for  governance  and 
security;  Microsoft’s  BizTalk  Server  2004  for  process  integration  and  as  a  rules  engine; 
and  Forum  Systems’  suite  of  security  tools.  MedicAlert  has  used  the  architecture  to 
roll  out  its  E-HealthKEY  service,  which  lets  users  carry  and  manage  their  health  infor¬ 
mation  from  a  USB  device. 


"Visibility  is  avail¬ 
able  to  one  and  all. 
They  can  see  an 
order  history  end 
to  end...” 

DAVE  MEWES.  CIO. 
MASTERBRAND  CABINETS 


+Flying  with  a  secure  SOA 

\  ontreal-based  Aeropian,  a  majority-owned  subsidiary  of  ACE  Aviation  Holdings, 

|  recently  unveiled  a  multiyear  vision  -  to  enhance  its  5  million  member  loyalty 
i  program  by  offering  real-time,  non-travel-reiated  reward  redemption.  To  sup¬ 
port  this  initiative,  in  2004  Aeropian  began  an  SOA  rollout  that  features  Reactivity's 
XML  Security  Gateway  appliances  and  lets  the  company  add  partners  -  even  those  with 
legacy  systems  -  to  the  Aeropian  network  within  two  hours.  The  appliances  connect  to 
Aeroplan’s  mainframe  and  MQ  Series  infrastructure  without  needing  significant  con¬ 
figuration  changes.  With  this  XML-enabied  architecture,  Aeropian  says  it  quickly 
recouped  its  investment  (an  undisclosed  amount)  and  projects  a  500%  increase  in  the 
redemption  rewards  business  for  2007. 


Visibility  far  and  wide 

After  18  months  of  intense  research  that  began  in  mid-2004, 

Mewes  and  his  team  rolled  out  Vitria  Technology’s  Perfect 
Order  system  at  the  end  of  last  year.  Perfect  Order's  robust  mes¬ 
saging  system  lets  employees,  customers  and  customer  service 
representatives  link  order  information,  including  customer 
data,  faxes  and  manually  entered  specs,  from  the  myriad  lega¬ 
cy  applications  into  a  unified  Web-based  console  view,  he  says. 

“Visibility  is  available  to  any  and  all. They  can  see  an  order  his¬ 
tory  end  to  end  as  a  single  project,”  he  adds. 

Mewes,  who  used  his  existing  network  infrastructure,  says  his 
team  spent  $80,000  for  an  architect  to  develop  parts  of  the  order 

visibility  network,  such  as  the  back-order  process.  “Once  you  have  a  foundation  of  develop¬ 
ment,  it  is  reusable.  This  equates  to  less  money  and  less  time,”  he  says. 

He’s  also  seen  savings  from  making  the  order  fulfillment  process  more  efficient,  estimating  a 
$300,000  reduction  in  shipping  costs  annually  because  of  better  order  visibility  “Trucks  are  not 
sealed  and  sent  away  with  product  available.  We  no  longer  have  FedEx  and  UPS  charges  for 
items  that  were  overlooked  in  the  initial  shipping,”  he  says. 

Now  that  this  Jasper,  Ind.,  company  has  insight  into  the  end-to-end  process,  orders  can  be 
routed  to  the  appropriate  manufacturing  plant  for  on-time  delivery  and  order  processing  has 
been  cut  from  five  days  to  20  minutes,  Mewes  says.  And  the  ability  to  configure  semicustom 
orders  online  has  reduced  the  workloads  of  order  entry,  customer  service  and  production 
scheduling  teams  by  20%  and  led  to  an  80%  drop  in  administrative  work  required  across  five 
corporate  Web  sites,  he  adds.  The  company  also  has  seen  a  40%  drop  in  customer  service 
phone  traffic,  leading  to  reduced  staffing  costs. 

MasterBrand’s  decision  to  keep  the  legacy  systems  intact  and  put  a  strong  application  on  top 
was  a  big  win,  Mewes  says.“We  needed  to  be  agile,  and  overhauling  the  ERP  systems  would 
have  taken  18  to  24  months.  We  did  what  we  needed  to  do  in  18  to  24  weeks.”  ■ 


All-Star  Wit  S  Wisdom  u[S0A]  governance  is  a  serious  challenge  and  we  needed  to  focus 
on  solving  the  business  problem  and  leave  the  management  issues  to  the  experts. M 
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-JORGE  MERCADO,  SENIOR  ENGINEER,  MEDICALERT  FOUNDATION 
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Enterprise  All-Star 

Technology  focus 

Vendor 

Enterprise  All-Star 

Technology  focus 

Allied  Telesis 

City  of  Loma  Linda 

Fiber  to  the  home 

Juniper 

•  Harvard  Business  School 

■  Security  infrastructure 

Altiris 

Wilson  B  Company,  Engineers 
and  Architects 

Desktop  management 

•  Paccess 

•  University  at  Buffalo 

Health  Sciences 

•WAN  application  acceleration 
■Security  compliance 

AmberPoint 

MedicAlert  Foundation 

Service-oriented  architecture 

}  Layer  3  Communications 

City  of  Loma  Linda 

Fiber  to  the  home 

Application  Security 

Ochsner  Health  System 

Database  application  security 

1  McAfee 

Harvard  Business  School 

Security  infrastructure 

AVIcode 

Evolution  Benefits 

Application  performance  monitoring 

J  Microsoft 

•  MedicAlert  Foundation 

•  PHH  Mortgage 

Service-oriented  architecture 

BladeLogic 

Priceline.com 

Automated  server  provisioning 

Mindreef 

Evolution  Benefits 

Application  performance  monitoring 

CentrePath 

•  Children's  Hospital  of  Philadelphia 

•  Community  Health  Network 

•  Optical  network  and  storage 
■Optical  network  and  storage 

Network  Intelligence 

FirstHealth  of  the  Carolinas 

Security  infrastructure 

Cisco 

•  BNSF  Logistics 

•  BNSF  Railway 

•  Community  Health  Network 

•  Kindred  Healthcare 

•  FirstHealth  oftheCarolinas 

•  Security  and  net  infrastructure 
■Automated  change  management 
•Optical  network  and  storage 
•Storage-area  network 
•Security  infrastructure 

Nortel 

•  BNSF  Railway 

•  Goldsmith  Agio  Helms 

•Automated  change  management 
•  Convergence 

Opsware 

BNSF  Railway 

Automated  change  management 

Orthogon  Systems  (now  Motorola] 

Kansas  City  Power  8  Light 

Wireless  network 

Packeteer 

•  Harvard  Business  School 

•  Inergy  Automotive  Systems 

•Security  infrastructure 
•WAN  quality  of  service 

Citrix  Systems 

Southwest  Washington  Medical  Center 

Single  sign-on  security 

CounterStorm 

NewYork-Presbyterian  Hospital 

Internal  intrusion  prevention 

Pillar  Data  Systems 

Las  Vegas  Review-Journal 

Tiered  storage 

DataSynapse 

Wachovia  Bank 

Application  virtualization 

Plasmon 

Cabell  Huntington  Hospital 

Data  archiving 

Dell 

•  Papa  Gino's  and  D'Angelo  Sandwich  Shops 

•  Appalachian  State  University 

•  Trusted  Platform  Module  security 
•Policy-based  switching 

Polycom 

Wound  Technology  Network 

Wireless-based  telemedicine 

PolyServe 

Taleo 

Application  virtualization 

Elemental  Security 

University  at  Buffalo 

Security  compliance 

Ouagga.net 

BNSF  Logistics 

Security  and  net  infrastructure 

Health  Sciences 

Reactivity 

Aeroplan 

Service-oriented  architecture 

Elgg.org 

Saugus  Union  School  District 

Open  source  online  collaboration 

Red  Hat 

Taleo 

Application  virtualization 

EMC 

•  Children’s  Hospital  of  Philadelphia 

•  Cabell  Huntington  Hospital 

•  Kindred  Healthcare 

■  Optical  network  and  storage 
•Data  archiving 
•  Storage-area  network 

Riverbed  Technology 

•  U.S.  Department  of  Health  8  Human 
Services,  Office  of  Inspector  General 

WAN  optimization 

Enterasys  Networks 

Appalachian  State  University 

Policy-based  switching 

Security 

1-800-flowers.com 

Internal  threat  monitoring 

Skybox  Security 

Credit  Suisse 

Application  dependency  mapping 

EqualLogic 

Franklin  W.  Olin  College  of  Engineering 

iSCSI  storage 

Softricity  (now  a  Microsoft  company) 

•Alamance  Regional  Medical  Center 
•  Southwest  Washington  Medical  Center 

•Application  virtualization 
•Single  sign-on  security 

Fiberlink  Communications 

Continental  Airlines 

Policy-based  secure  access 

Forum  Systems 

MedicAlert  Foundation 

Web  services  security 

SonicWall 

Wound  Technology  Network 

Wireless-based  telemedicine 

HP 

Taleo 

Application  virtualization 

Symantec 

University  at  Buffalo 

Health  Sciences 

Security  compliance 

IBM 

•  Community  Health  Network 

•  PHH  Mortgage 

•  Vassar  Brothers  Medical  Center 

•  Optical  network  and  storage 
■  Desktop  management 
•Wireless  infrastructure 

The  Information  Management  Group 

City  of  Loma  Linda 

Fiber  to  the  home 

IBM  Global  Services 

Children’s  Hospital  of  Philadelphia 

Optical  network  and  storage 

Verizon 

Wound  Technology  Network 

Wireless-based  telemedicine 

Vitria  Technology 

MasterBrand  Cabinets 

Supply-chain  management 

Imprivata 

Southwest  Washington  Medical  Center 

Single  sign-on  security 

InnerWireless 

Intelligent  Computer  Solutions 

Vassar  Brothers  Medical  Center 

Wireless  infrastructure 

VMware 

*  Las  Vegas  Review-Journal 

•  Subaru  of  Indiana  Automotive 

•Tiered  storage 
•Server  virtualization 

PHH  Mortgage 

Desktop  management 

Vocera  Communications 

Vassar  Brothers  Medical  Center 

Wireless  infrastructure 

IPCop.org 

BNSF  Logistics 

Security  and  net  infrastructure 

Vontu 

Prudential  Financial 

Extrusion  detection 

Wave  Systems 

Papa  Gino’s  and  D’Angelo  Sandwich  Shops 

Trusted  Platform  Module  security 

NANCY  STAHL 


Fixing  a  mission-critical  server  in  a 
remote  location  can  be  as  tricky  as 
fixing  the  Hubble  Telescope. 


. 

Pjtjjj 

jar 

1  ■ 

M,.:; 

0 

Raritan's  world-class  KVM  and  serial  console  and  power  control  solutions  help  you  eliminate  the  barriers  of 
time  and  distance.  Manage  IT  assets  in  remote  offices,  or  right  in  your  data  center,  at  anytime,  from  anywhere. 


"Before,  when  we  got  an  alarm,  too  much  precious  time  was  wasted  sifting 
through  IP  addresses  to  find  the  server  triggering  the  alarm.  Now,  we  can 
quickly  locate  the  server  and  bring  experts  together  "virtually"  from  different 
parts  of  the  company  to  troubleshoot  the  problem,  whether  they're  in  the 
data  center  or  anywhere  else  in  the  world."  It's  all  part  of  the  future  of  IT 
infrastructure  management.  From  Raritan. 

www.EliminateTime  And  Distance.com 


^Raritan 

When  you're  ready  to  take  control' 


©  2006  Raritan,  Inc.  Raritan  is  a  registered  trademark  of  Raritan,  Inc. 


KVM  Rack  Drawers  Panel  Mount  LCD 


The  most  efficient  way  to 
organize  your  server  room. 

1U  or  2U 

15",  17",  19"  or  20" 
VGA,  DVI 
PS/2,  USB,  or  Sun 
Touchpad  or  Trackball 


Mounts  vertically  in  a 
\  standard  19"  rack. 

'  15",  17",  19",  20",  or  23" 

VGA,  DVI,  S-Video 
Optional  Touchscreen 
Optional  Built-in  KVM  Extenders 


Digital  KVM  IP 
Switches 

Switch  &  control  l,OOOs 
of  computers  &  network 
devices  over  IP 

Advanced  Security 
High  resolution 
On-screen  menu 
USB,  PS/2,  Sun,  Serial 


Multi-platform 
KVM  switches 

Switch  &  control  l,OOOs  of 
\  computers  and  network 
devices 

Advanced  Security 
High  resolution 
On-screen  menu 
USB,  PS/2,  Sun,  Serial 


KVM  Extenders 

Extends  keyboard,  video, 
and  mouse  signals  up  to 
33,000  feet 

Rber,  CATx 
DVI,  VGA,  High  Res. 
PS/2,  USB,  Sun 
Audio,  Serial 


ROSE  US 
ROSE  EUROPE 
ROSE  ASIA 
ROSE  AUSTRALIA 


281  933  7673 
+44  (0)  1264  85057 
+65  6324  2322 
+617  3388  1540 


www.rose.com 

281  933  7673  800  333  9343 

ROSE  ELECTONICS  10707  STANCH FF  ROAD  -  HOUSTON,  TEXAS  77099 
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Everything  You  Need  for  Remote  Network  Management 


Console  Ports  +  Power  toijil  +  Sial-Up  Modem  =  111 


Web  Browser  Interface 


£|wn  Tomato  Port  Swiirhm  Mir  IntoinH  I  *(<!»> 


fie  IS  #bw  Jodi  tidp 


■  Web  Browser  Access  for  Easy  Setup  and  Operation 

■  Telnet,  Interna!  Modem  and  Serial  Access 

■  Four  Individually  Switched  Power  Outlets 

■  Six  DB-9  Serial  Console  Ports 

■  Port  Specific  Password  Protection 

■  Dial-Back  Security  on  Modem  Port 

■  Requires  Only  One  Rack  Unit 

■  Non-Connect  Port  Buttering 

■  Data  Rate  Conversion 
n  120  VAC  Model  -  NEMA  5-15  Outlets 

■  208/240  VAC  Model  -  IEC320  Outlets 


The  CMS-6R4  Console  Management  Switch  is  the  ultimate  tool  for  economical 
Remote  Network  Management.  Six  serial  ports  to  access  you  equipment’s  console 
ports,  Four  power  outlets  to  perform  remote  reboot  or  On/Off  control  plus  an  internal  modem 
with  dial-back  features  for  secure  out-of-band  access  -  all  in  a  space  saving  1 U  package!  System 
administrators  can  access  remote  devices  from  anywhere  via  telnet,  dial-up,  local  terminal  or  KVM  switch. 


CONSOLE  MANAGEMENT  SWITCH 


lac ,  5  Sifting.  Irwue.  Cm.  92618  —  hnp  Jfwww  wu  corn 


Visit  Website  for  Complete  NetReach™  Product  Line 

(800)  854-7226  •  www.wti.com 
5  Sterling  •  Irvine  •  California  92618-2517 
(949) 586-9950  •  Fax: (949) 583-9514 


Yes,  We  are  Customer  Friendly! 

✓  Two  Year  Warranty 

✓  We  Stock  for  Same  Day  Shipment 

✓  30  Day  Return  Policy 

✓  Call  or  Email  for  an  Online  Demo 


western  telematic  incorporated 


Problems  overwhelming  your  current  sniffer? 


Advance  to  the  next  level  with  Observer  11.  Now  with  enterprise-strength  VoIP  analysis.  Includes  enhanced  VoIP  troubleshooting, 
integrated  NetFlow  and  sFlow®  support,  MultiHop  Analysis,  and  64-bit  Windows  scalability.  It's  time  to  reset  your  analyzer. 


Wired  to  wireless .  LAN  to  WAN .  One  network  -  complete  control. 


NETWORK* 

INSTRUMENTS 


US  &  Canada  UK  &  Europe 

toll  free  800.526.5958  +44  (0)  1959  569880 

www.networkinstruments.com/analyze 


enhanced  VoIP  support 
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OBSERVER 


sa!es@ser/ertech:£iaf? 


Server  Technology 

Solutions  for  the  Data  Center  Equipment  Cabinet 


The  Sentry  CDU  distributes  power  for  Blade 
servers  or  up  to  42  dual-power  1U  servers 
in  one  enclosure.  Single  or  3-phase  input 
with  110VAC,  208VAC  or  mixed  110/208VAC 
single-phase  outlet  receptacles. 


Metered  CDU 

>  Local  input  Current  Monitoring 

Smart  CDU 

>  Local  Input  Current  Monitoring' 

>  Supports  External  Temperature  and 

Humidity  Probes  -  , 

>  IP  Monitoring  of  Power  Temperatures 
and  Humidity 

Switched  CDU  .  /  /  .  ■ 

>  Local  input  current  Monitoring 

>  Supports  External  Temperature  and 
Humidity  Probes 

>  IP  Monitoring  of  Power,  Temperatures 
and  Humidity 

>  Remote  Power  Control  of  Each  Outlet 

—  On  /  Off  /  Reboot  -  ;  .  U'< 

Server  Technology,  Inc.  toll  free  + 1. 800.835 ,j  51^/% 
1040  Sandhill  Drive  tel  +1.775<284.209i)  * 


Server  Technology,  Inc. 
1040  Sandhill  Drive 
Reno,  NV  89521 
USA 


How  Do  You  Distribute 
Power  in  Your  Data 
Center  Cabinet? 


.  •  -  v.  ... 


With  Sentry! 

CDU  Product  Family:  Metered,  Smart  &  Switched 


DServer  Technology,  Inc.  Sentry  is  a  trademark  of  Server  Technology,  Inc. 
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Instantly  Search 


Text 


♦  over  two  dozen  indexed,  unindexed,  fielded  data  and  full-text  search  options 

♦  highlights  hits  in  HTML,  XML  and  PDF,  while  displaying  links,  formatting  and 


images 


♦  converts  other  file  types  (word  processor,  database,  spreadsheet,  email  and 
attachments,  ZIP,  Unicode,  etc.)  to  HTML  for  display  with  highlighted  hits 


♦  Spider  supports  static  and  dynamic  Web  content,  with  WYSWYG  hit-highlighting 

♦  API  supports  .NET /.NET  2.0,  C++,  Java,  SQL  databases.  New.NET/.NET  2.0  Spider  API 
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dtSearch®  Reviews 


'Bottom  line:  dtSearch  manages  a  terabyte  of  text  in  a  single  index 
and  returns  results  in  less  than  a  second"  -  InfoWorld 


♦  "For  combing  through  large  amounts  of  data,  dtSearch  "leads  the  market" 

-  Network  Computing 

♦  "Blindingly  fast"-  Computer  Forensics:  Incident  Response  Essentials 

♦  "Covers  all  data  sources  ...  powerful  Web-based  engines"-  eWEEK 

♦  "Searches  at  blazing  speeds"-  Computer  Reseller  News  Test  Center 

♦  "The  most  powerful  document  search  tool  on  the  market"-  Wired  Magazine 
For  hundreds  more  reviews  —  and  developer  case  studies  —  see  www.dtsearch.com 


Contact  dtSearch  for  fully-functional  evaluations 


The  Smart  Choice  for  Text  Retrieval®  since  1991 

1-800-IT-FINDS  •  www.dtsearch.com 
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ampere,  anqiime  mi 

smart 


START 
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Nothing  gives  you  a  bigger  headache  than  infrastructure 
hardware  and  software  problems  at  the  wrong  time. 
Often  these  issues  cost  you  valuable  system  downtime 
and  require  a  site  visit  to  reboot  hardware.  Let 
SMARTstart  remote  power  distribution  systems  show 
you  the  efficient  way  to  manage  your  system's  power. 

•  Trusted  by  major  OEM's 

•  Reboot  from  anywhere,  anytime  via  web  or 
TCP/IP 

•  Remote  power  distribution  and  circuit  protection 
for  AC  or  -48  VDC  or  +24  VDC  systems 

•  Auto  reset  circuit  breaker  feature  addresses 
no  fault  breaker  trips  for  DC  systems 

AC  PDU  features  auto  power  on  sequence  in  the 
event  of  power  outages.  This  prevents  potential 
damage  as  a  result  of  inrush  currents  when 
power  is  suddenly  restored. 

.com/smart 

888-267-1195  MSi 

800  f SPECTRUM  CONTROL  INC. 
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Power  Management  Systems  Group 


Production  Tracking  Over  Ethernet 
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Eliminate  your  shop-floor 
PCs  with ... 

Ethernet  Terminals  from 
ComputerWise  connected  to 
your  in-house  LAN. 

Capture  production  data 
directly  into  files  on  your 
server. 


Features  C  Benefits 

•  Interactive  Telnet  Client 

•  TCP/IP  over  10/IOOBaseT  Ethernet 

•  Built-in  Barcode  Badge  Reader 

•  Optional  Mag-Stripe  &  RFID  Badge  Reader 

•  Auxiliary  RS-232  Serial  port 

•  Customizable  Data  Collection 
Program  Included 

•  Larger  keyboard  and 


display  sizes  available 
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COMIT  TKKWISE. 

Call  1-800-255-3739  or  visit  www.Gomputerwlse.com 


Buy  Top  Quality 
Original  or 
100%  Compatible 
Memory  for  Your 
Desktop,  Laptop  or 
Server. 


1 ssMemoryStore.com 


100%  COMPATIBLE  MEMORY 


FACTORY  ORIGINAL  MEMORY 
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Order  online  and 
enter  discount  code 
"NETWW5" 
for  5%  off  of 
your  memory  order. 


~^J\/lemortj5forE.  com 

An  ISO-9001  2000  Company 


877-ADD-RAM9 

(877-233-7269) 


Copper  nTAPs 

10/100 . 

10/100/1000  . 


Unlike  a  SPAN  port,  TAPs  guarantee  a 
complete  copy  of  full-duplex  data  at  line 
rate  for  your  monitoring  device.  The  result? 
Knowing  you  have  the  entire  picture  before 
making  important  network  decisions. 


Copper  to  Optical  Conversion  nTAPs 
SXorLX... . $1,495 
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BACKSPIN 


Mark  Gibbs 


just  had  a  stimulating 
conversation  with 
Howard  Silverman,  sec¬ 
retary  of  the  Secure  Video 
Processor  Alliance,  and 

Broadband  Communication  Group’s  Brian  Sprague,  vice 
president  of  marketing  for  Set-Top  Boxes  and  DTV  whose 
company  is  a  founding  member  of  the  alliance. 

The  SVP  Alliance  is  “an  industry  association  dedicated 
to  the  adoption  of  SVP  content-protection  technology  in 
digital  home  networks  and  portable  devices.’To  put  that 
another  way  the  alliance  is  trying  to  get  video  content  dis¬ 
tribution  networks  and  manufacturers  of  video  playback 
devices  to  use  the  SVP  Digital  Rights  Management  (DRM) 
technology  to  prevent  piracy 
The  SVP  DRM  system  is  based  in  a  chip  on  the  viewing 
device  and  looks  at  datastreams  to  see  if  they  are  SVP 
protected  and  whether  the  associated  rights  allow  the 
video  to  be  shown  on  that  display  If  the  content  is  autho¬ 
rized  it  is  decrypted  on  the  fly  and  voila! 

The  system  is  based  on  some  kind  of  digital  certificate 
system,  with  every  SVP  chip  having  a  unique  ID  and  cer¬ 
tificate  against  which  specific  content  is  authorized  for  a 
specific  time  period.  Silverman  told  me  the  extra  electron¬ 
ics  adds  little  to  the  display  device’s  cost. 

The  argument  for  using  SVP  is  that  video  piracy  costs 


DRM,  consumers  and  the 

i 


the  industry  money  The  alliance  references  the  Motion 
Picture  Association  of  America’s  claim  of  $61  billion  of 
lost  revenue  in  2005.This  is,  of  course,  a  hugely  debatable 
number  and  presupposes  that  without  piracy  that  revenue 
would  actually  be  acquired,  but  that’s  a  topic  for  another 
column. 

On  the  face  of  it,  the  SVP  proposition  sounds  reason¬ 
able:  A  low-cost  embedded  hardware  solution  that  pro¬ 
vides  transparent,  robust  content  protection.  Unfortunately 
the  reality  will  not  be  quite  as  good. 

What  the  SVP  Alliance  is  really  claiming  is  it  will  have  a 
God  chip,  a  chip  so  sophisticated  and  powerful  that  it 
can’t  be  hacked,  won’t  have  significant  bugs  and  will  do 
its  job  cheaply  and,  in  effect,  perfectly 

The  biggest  problem  is  that  a  God  chip  is  not  possible.  If 
a  human  mind  can  build  it,  a  human  mind  can  defeat  it. 
For  this  reason  it  is  a  certainty  that,  should  the  SVP  system 
become  ubiquitous  in  consumer  electronics,  lots  of  really 
clever  people  will  eventually  figure  out  how  to  defeat  it. 
Just  consider  that  Apple’s  iTunes  7  DRM  was  hacked 
exactly  eight  hours  after  it  was  announced! 

The  next  issue  is  whether  the  alliance’s  DRM  system  will 
be  bug-free.This  isn’t  just  dependent  on  the  SVP  chip,  but 
on  the  ecosystem  it  will  be  part  of.  Even  if  the  chip  is  flaw¬ 
less,  interactions  with  other  components  and  the  actual 
content  it  protects  means  bugs  will  appear. These  could 


God  chip 

be  as  minor  as  video  artifacts  or  as  major  as  preventing 
playback,  but  something  will  go  wrong. 

Occasionally  SVP-enabled  devices  will  fail,  and  failed 
DRM  systems  are  a  problem.  Have  you  reauthorized  your 
iTunes  library?  A  Google  search  will  show  you  that  people 
spit  teeth  to  get  the  job  done.  Oh,  and  as  of  this  writing, 
iTunes  7  prevents  purchased  content  from  being  played 
on  Motorola  SLVR  and  ROKR  iTunes  phones! 

What’s  interesting  is  the  way  the  SVP  chaps  talk  about 
DRM. They  say  things  like  “consumers  want  to  be  able  to 
easily  move  content  from  one  device  to  another?  And  this 
is  true;  it  isn’t  easy  because  the  industry  hasn’t  made  it 
easy  Look  at  the  back  of  the  DirecTV  personal  video 
recorder: You’ll  find  USB  ports  that  don’t  work  because 
DirecTV  has  dumbed  down  their  version  ofTiVo! 

The  SVP  chaps  also  say  DRM  “keeps  honest  people  hon¬ 
est.”  Is  it  just  me  or  is  that  the  weakest  argument  you  have 
ever  heard  for  DRM? 

I’ve  said  it  before:  Once  content  becomes  digital  the 
genie  is  out  of  the  bottle  forever  and  DRM  in  any  form 
won’t  put  it  back  in. With  DRM,  the  only  people  to  lose  out 
will  be  consumers  whose  use  of  content  will  be  made 
more  complicated,  more  frustrating  and  more  expensive. 

Express  your  writes  to  backspin@gibbs.com  or  on 
Gibbsblog. 
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News,  insights  and  oddities 


If  it’s  important  for  the  military,  why  not  us? 


Paul  McNamara 


The  Department  of  Defense  and  an  e-mail  encryption 
company  called  PostX  are  about  to  announce  that  PostX 
has  been  chosen  to  fix  what  has  long  been  a  thorny 
problem  for  the  military:  ensuring  that  absentee  ballots  of  soldiers  serving  overseas 
get  collected  and  counted.This  is  welcome  news  by  any  measure,  as  it's  impossible  to 
argue  with  the  notion  that  men  and  women  serving  this  country  abroad  deserve  to 
have  their  votes  delivered  and  counted  back  home. 

However,  the  development  does  raise  questions,  primary  among  them:  What  about 
the  rest  of  us?  Absentee  voting  in  general  is  notoriously  difficult  and  unreliable.  Not  a 
day  goes  by  without  news  of  yet  another  vulnerability  in  our  electronic  voting  systems 
or  injustice  in  voting  laws  and  regulations.  And,  because  the  execution  of  absentee  vot¬ 
ing  by  military  personnel  has  been  a  hot  potato  in  recent  years  —  particularly  in  the 
aftermath  of  the  2000  presidential  election  —  there  are  going  to  be  questions  asked 
about  the  fairness  of  treating  one  class  of  voter  better  than  others,  in  particular  when 
the  political  leanings  of  that  class  are  clearly  understood. 

As  for  the  upcoming  Defense  Department/PostX  announcement,  here’s  more  from  a 
company  spokeswoman’s  e-mail: 

“Many  soldiers  overseas  jump  through  hoops  to  send  in  votes  each 
election,  but  are  they  even  counted?  While  our  Armed  Forces  are 
defending  America,  shouldn’t  their  votes  count  the  most?  [PostX  has 
been  chosen]  to  enable  secure  absentee  ballot  retrieval  by  the  U.S. 

Armed  Forces  via  Web,  e-mail  from  a  desktop  computer  or  a  mobile 

device  regardless  of  where  [military  personnel]  are  stationed _ The 

PostX  solution  will  allow  soldiers  to  check  registration  status,  request 
ballots  and  print  ballots,  making  the  process  of  absentee  ballots  much 
faster  and  more  efficient  than  in  the  past.” 

In  addition,  you  can  read  a  Defense  Department  memo  at 
www.nwdocfinder.com/5373  that  goes  into  great  detail  regarding  the 
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McNamara's  online  archive: 

www.nwdocfinder.com/1032 
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challenges  faced  by  military  personnel  trying  to  vote  from  their  posts,  and  the  pluses 
and  minuses  of  various  solutions,  including  those  from  PostX. 

I've  met  periodically  with  PostX  executives  for  all  of  the  10  years  the  company  has 
been  around  and  have  always  been  impressed  with  its  products. There’s  little  doubt  in 
my  mind  that  PostX  will  get  the  job  done.  And  while  I  am  no  fan  of  Internet  voting,  or 
electronic  voting  in  general,  there  certainly  can  be  justification  for  extraordinary  mea¬ 
sures  —  properly  secured  —  when  the  voting  rights  of  Americans  are  at  stake. 

According  to  the  company  spokeswoman:  “PostX  [has]  tapped  Fortify  Software  to 
analyze  the  integrity  of  the  PostX  code  base  as  it  was  built  to  meet  the  needs  of  the 
[Department  of  Defense]  and  our  armed  forces.” 

All  well  and  good.  I  will,  however,  take  exception  to  one  point  made  by  the  PostX 
spokeswoman:  No,  the  votes  of  military  personnel  —  wherever  stationed  —  should  not 
count  the  most.  Our  military  personnel  are  not  tasked  with  defending  their  right  to  vote 
but  the  rights  of  all. 

A  soldier's  right  to  vote  should  be  considered  no  more  important  than  that  of  his  sis¬ 
ter  serving  in  the  Peace  Corps  or  of  his  brother  studying  abroad.  It  should  be  consid¬ 
ered  no  more  important  than  his  parents’  right  to  vote  back  home  without  first  enduring 
an  eight-hour  wait  in  line  or  the  uncertainty  of  not  knowing  whether 
their  ballots  were  counted  by  an  electronic  voting  machine  that  pro¬ 
duces  no  auditable  paper  trail. 

So  good  for  the  military  brass  for  keeping  on  this  problem  and  here’s 
hoping  that  with  the  help  of  modern  technology  they've  got  it  licked. 

And  now  it’s  up  to  the  rest  of  us  to  keep  the  heat  on  our  political 
leaders  to  make  sure  that  everyone  gets  to  vote  stateside,  too  . . .  and 
that  every  vote  gets  counted. 


No  advanced  technology  needed  to  let  me  know  what  you  're  thinking.  The 
address  is  buzz@nww.com. 
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NetVanta  7100: 

A  phone  system  and 
data  network, 

all  in  a  single  device 


Simple 

and 
affordable 
IP  Telephony 

NetVanta  7100 — Everything  a  small  office 
needs  for  voice,  data  and  Internet 


The  ADTRAN  NetVanta®  7100  is  the  newest  addition  to  our  field- 
proven  suite  of  NetVanta  switches,  routers  and  VPN/Firewall  solutions. 

This  new  IP  PBX  with  integrated  switch-router — an  Office  in  a  Box — 
provides  a  complete  solution  for  growing  small  and  medium 
businesses.  Your  office  communications  can  be  up  and  running 
quickly  and  smoothly  with  this  converged  IP  platform. 
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Imagine  a  comprehensive  telephony  and  data  networking 
solution  that  consolidates  voice,  data,  Internet  and  security - 
all  in  a  single  device. 


High  costs  for  communications  are  now  a  thing  of  the  past. 

With  ADTRAN,  you  can  easily  lower  your  total  cost  of  ownership.  Every 
NetVanta  includes  ADTRAN’s  100%  satisfaction  guarantee,  backed 
by  industry -leading  technical  support  (before  and  after  the  sale), 
free  firmware  upgrades,  and  a  full  5-year  warranty. 

www.adtran.com/ipt 

1.800  9 ADTRAN 

(923-8726) 
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No  per  user  license  fees 
Powerful,  enterprise-class  solution 
Handles  up  to  20  million  messages  per  day 
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